Malware Analysis Report

2025-03-15 08:25

Sample ID 241020-xkezvavanb
Target 1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N
SHA256 1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97

Threat Level: Likely malicious

The file 1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4382) files with added filename extension

Renames multiple (262) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 18:54

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 18:54

Reported

2024-10-20 18:56

Platform

win7-20241010-en

Max time kernel

117s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe"

Signatures

Renames multiple (262) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Lang\ca.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Lang\he.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\History.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe

"C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe"

Network

N/A

Files

memory/2880-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 6c0984d6435fbb4ffecedf01a0a86c40
SHA1 2a69b5cca40dcc39b7d857ee898192e25583e964
SHA256 e2ddd78ec02189f3c5c76759b44632082b64b5706cf833a9523694327871d7c9
SHA512 8de6b4c7bfe4d798715a4125410a1d399313837cc3e09c5567f76558a9500b6b8afdc034030fada8411763bb6429f915d7ccd302c8aa79a599dd89b853ec1b97

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c5be7c5c9ce949bee9ec0998f89f7a41
SHA1 f075b8307b7d08092abb74b335b8023ced3150d0
SHA256 86f9137b2576ffca4ac882aaef1c30324141083837a13f4ed4fb1dc00c119363
SHA512 abdb9212d4fc035dd0b9c68cdb73a3a92a2822ad2b856cf07cda5747e5777dee1b8a3052d7fd8754c61d7ab7807b1122d21a0c4db644cbf8e16a1e583261abcd

memory/2880-19-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 18:54

Reported

2024-10-20 18:56

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe"

Signatures

Renames multiple (4382) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe

"C:\Users\Admin\AppData\Local\Temp\1cc46f2963f84cfa618d179a6a1ae009206cc44a0ee9fafded5d17781f589e97N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/324-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 047ee43316eefae3551df01aaf4a7a03
SHA1 589ddd70e29a5650b3b5585a2fcd7f881d715f7e
SHA256 30fa4c391962c5c3a06b76cf5298c62ef57597cc2b5cc642105cc49c0af3418e
SHA512 5813cfbc581417fcda499a4340fc84ba4b702f5e3f420e545581a1878e13724ad41aff16911a41fc0552da86796a72951848ca83f02f3dd2cfcc60fffff1243e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8de8d49e3a3ffa7032c16bdf4e788653
SHA1 1708fab022b0ae68f59cdc9c3f78e3d92fa7279c
SHA256 35d95b65043ed4a17cbac0334366a225468a55d8f7e536f6422be9937a99cfd4
SHA512 7abc51fd64be8ef4a25ffc1a153fb26bc851d5a18021455512da8048f31e322a8fb4e8e2ceebe0759c7e4f038e4e0983ee3c030ea4373b261b61273cc0777418

memory/324-662-0x0000000000400000-0x000000000040A000-memory.dmp