Malware Analysis Report

2025-03-15 08:23

Sample ID 241021-ashdls1bmm
Target 6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N
SHA256 6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3
Tags discovery ransomware upx
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3

Threat Level: Likely malicious

The file 6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4213) files with added filename extension

Renames multiple (2852) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 00:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 00:28

Reported

2024-10-21 00:30

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe"

Signatures

Renames multiple (2852) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe

"C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe"

Network

N/A

Files

memory/764-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 f61614b7ec5ea6bcc5487a8c5c71792c
SHA1 e7ec9c6381b3ba2493766723fee8f203bd624ad7
SHA256 e0766169299a94f4a6b5fdae152122f4cec3e073d50f40214f48491d5a19b711
SHA512 570c7d822a1685dd3687f0600b60977d49545f870104834abcc93658abd36d089f8d88e6e7a84d05fc0594e97d0d66103ea7e4e85424b10225ffb859d927770d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c417b324ac43bc009f3c196d688ee172
SHA1 bd9f029805c530f21f1d9fec95b71238280889e2
SHA256 50beb8eae5eca75461d76c6e639822ac20f9556b577386aba5b66c4bc670c055
SHA512 778282e1da829eafe761749bdcbbee7c6aa4bdf7096f40842ccb6cf96499989248e5f498fd3b6e1b510a1bf3550247cc442568326ed472384d9d8ef9f498ebf9

memory/764-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 00:28

Reported

2024-10-21 00:30

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe"

Signatures

Renames multiple (4213) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe

"C:\Users\Admin\AppData\Local\Temp\6d77a570c350a271724e66f10e9935392397c1a14efa378b1e302b466c77a4f3N.exe"

Network

Country Destination Domain Proto

Files

memory/4084-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 f2f7cad3e0f7cc7d275a5b121f72047d
SHA1 e5be47d6b3c2d4c8e2d5ac43d4dbcb68348656e9
SHA256 82d8b46b84608763a3d7120bfbb27f09531361f43532108ce13f0a47680ca0aa
SHA512 0b027184eb6155da2b89109d860fb06c2c556b7c8fe7c33017954a4837f2919df3145e2818f523f133866b82283b61492b0410adedee995d6dfed5be272d4b83

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1d115f450715dc528264efea7a2f428b
SHA1 dd85af8279b78662a80766dbbe3f2539d12ea738
SHA256 cdecc84fa971fb3fc3596c3cb945f5315bdfcbb7226fbd664438b1a720cd2300
SHA512 beff60e35f9ae6e23baf60aa9e8e3b827153600a46e79f0274b482bcc9f1cc8c27cd96d55f1712a97df3fb03d4145f012d4d639143b2efb2ed992b56de37dabc

memory/4084-654-0x0000000000400000-0x000000000040B000-memory.dmp