Malware Analysis Report

2024-12-07 10:15

Sample ID 241112-wh4dzsxhpj
Target b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe
SHA256 b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4
Threat Level: Likely malicious

The file b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx discovery ransomware

Renames multiple (377) files with added filename extension (behavioral1, Windows 7 guest)
Renames multiple (4639) files with added filename extension (behavioral2, Windows 10 guest)
UPX packed file
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery

The two rename counts are the same behaviour measured on two guests: the total scales with how many files the image has under Program Files and the other locations touched, so the number characterises the guest image, not the sample. The behavioural tables below show what the count is made of: for each original the sample creates a sibling named <original>.tmp (for example keypadbase.xml.tmp next to keypadbase.xml), which is what a write-to-temp-then-rename loop looks like from the file-system side. Nothing in the report identifies the final extension, a ransom note, an encryption routine or a family; the ransomware tag rests on the rename volume and the .tmp drops. The UPX and unsigned-PE findings are generic and would be unremarkable on their own.

MITRE ATT&CK (Enterprise Matrix V15)

Techniques that the signatures in this report correspond to: Obfuscated Files or Information: Software Packing (T1027.002) for the UPX finding, and System Location Discovery: System Language Discovery (T1614.001) for the NLS\Language registry read in both behavioural runs.

Analysis: static1

Detonation Overview

Reported: 2024-11-12 17:56

Signatures

UPX packed file (upx)
No indicator rows were recorded for this signature.

Unsigned PE
No indicator rows were recorded for this signature.

Both static findings are weak on their own: plenty of legitimate software ships UPX-packed or without an Authenticode signature. Their practical consequence is that the sample (a 40 KiB image, judging by the 0x400000-0x40A000 memory dumps in the behavioural runs) must be unpacked before any static string or import analysis is trusted.
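The two static1 signatures are cheap to reproduce from the PE headers alone. The block below is an added example written for this page, not code from the sandbox that produced the report: it walks the DOS, COFF, optional and section headers by hand (no pefile dependency), flags the UPX section names and the "UPX!" marker string that UPX leaves in the packed file, and checks whether the Authenticode certificate table (data directory entry 4) is populated. The sample itself is not available here, so build_sample_pe() constructs minimal PE32 images in memory; the section layout and the certificate-table offsets are the assumed test fixtures.

```python
"""Static triage for 'UPX packed file' and 'Unsigned PE' by hand-walking PE headers.
Added example for this report; the sample binary is not embedded, so the two
images at the bottom are constructed fixtures."""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: +108 / +112
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    cert_rva = cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_rva, cert_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect = opt + opt_size                       # section table follows the optional header
    names = []
    for i in range(nsections):
        raw = data[sect + 40 * i: sect + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "sections": names,
        "upx_sections": bool(UPX_SECTION_NAMES & set(names)),
        "upx_marker": b"UPX!" in data,          # l_magic of the UPX loader info block
        "has_cert_table": cert_rva != 0 and cert_size != 0,
    }


def triage(data: bytes) -> list:
    """Return the report's signature names that fire. A present certificate table
    only means 'signed', not 'validly signed'; that needs WinVerifyTrust/signtool."""
    info = parse_pe(data)
    fired = []
    if info["upx_sections"] or info["upx_marker"]:
        fired.append("UPX packed file")
    if not info["has_cert_table"]:
        fired.append("Unsigned PE")
    return fired


def build_sample_pe(section_names, signed: bool, upx_marker: bool) -> bytes:
    """Constructed fixture: a headers-only PE32 with the given section names."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                       # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:                                                 # fake certificate table entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x200)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    tail = b"UPX!" + bytes(12) if upx_marker else bytes(16)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + tail


PACKED_UNSIGNED = build_sample_pe(["UPX0", "UPX1", ".rsrc"], signed=False, upx_marker=True)
PLAIN_SIGNED = build_sample_pe([".text", ".rdata", ".data"], signed=True, upx_marker=False)

if __name__ == "__main__":
    for label, blob in (("packed/unsigned", PACKED_UNSIGNED), ("plain/signed", PLAIN_SIGNED)):
        print(label, parse_pe(blob)["sections"], triage(blob))
```

Run against a real file with `triage(open(path, "rb").read())`. Renamed sections defeat the name check, which is why the marker string is also tested; a packer that strips both still leaves the high-entropy, tiny-import-table profile that this block does not measure.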

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-12 17:56
Reported: 2024-11-12 17:58
Platform: win7-20241010-en
Max time kernel: 120s
Max time network: 18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe"

Signatures

Renames multiple (377) files with added filename extension (ransomware)

UPX packed file (upx)
No indicator rows were recorded for this signature.

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe
Target (every row): N/A
Description (every row): File created. Each path below is the name of an existing file in the guest image with .tmp appended.

C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp
C:\Program Files\7-Zip\Lang\yo.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp
C:\Program Files\7-Zip\Lang\fi.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp
C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\Parity.fx.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp
C:\Program Files\7-Zip\Lang\en.ttt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp
C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp
C:\Program Files\7-Zip\Lang\de.txt.tmp
C:\Program Files\7-Zip\Lang\he.txt.tmp
C:\Program Files\7-Zip\Lang\ka.txt.tmp
C:\Program Files\Common Files\System\ado\msado27.tlb.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp
C:\Program Files\7-Zip\Lang\ko.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp
C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp
C:\Program Files\7-Zip\Lang\ta.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp
C:\Program Files\7-Zip\7-zip32.dll.tmp
C:\Program Files\7-Zip\Uninstall.exe.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp
C:\Program Files\DVD Maker\SecretST.TTF.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp
C:\Program Files\Internet Explorer\perfcore.dll.tmp
C:\Program Files\7-Zip\Lang\tr.txt.tmp
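The table above is what a host-based detection for this behaviour has to work with: one process creating "<original>.<ext>.tmp" siblings across many directories in a short time. The block below is an added example, not the sandbox's signature logic. It assumes FileCreate records flattened to (timestamp, pid, image, target) tuples (the shape of Sysmon Event ID 11 or an EDR file-create stream after parsing); the event list is constructed from 24 of the paths listed above with invented one-second-apart timestamps, the process id 2860 is taken from the memory dump names, and the thresholds (20 files, 3 directories, 60 seconds) are starting points to tune, not values from the report.

```python
"""Sliding-window detector for bulk '<name>.<ext>.tmp' creation by one process.
Added example for this report; events are constructed, not captured."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe")

# 24 targets taken from the behavioral1 'Drops file' table above
SAMPLE_TMP_TARGETS = [
    r"C:\Program Files\7-Zip\Lang\yo.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\fi.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\de.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\he.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\ka.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\ko.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\ta.txt.tmp",
    r"C:\Program Files\7-Zip\Lang\tr.txt.tmp",
    r"C:\Program Files\7-Zip\7-zip32.dll.tmp",
    r"C:\Program Files\7-Zip\Uninstall.exe.tmp",
    r"C:\Program Files\DVD Maker\SecretST.TTF.tmp",
    r"C:\Program Files\DVD Maker\Shared\Parity.fx.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp",
    r"C:\Program Files\Common Files\System\ado\msado27.tlb.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp",
    r"C:\Program Files\Internet Explorer\perfcore.dll.tmp",
]

# '<name>.<ext>.tmp': a .tmp beside a file the process is rewriting, unlike an
# installer's MSI1A2B.tmp or a browser's tmpXXXX.tmp scratch file.
TMP_BESIDE_ORIGINAL = re.compile(r"^.+\.[A-Za-z0-9]{1,8}\.tmp$", re.IGNORECASE)


def constructed_events():
    """Constructed FileCreate stream: the sample's burst plus two benign events."""
    base = datetime(2024, 11, 12, 17, 56, 31)
    events = []
    for i, target in enumerate(SAMPLE_TMP_TARGETS):
        ts = (base + timedelta(seconds=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, 2860, SAMPLE_IMAGE, target))
    events.append(("2024-11-12T17:56:40Z", 1404, r"C:\Windows\explorer.exe",
                   r"C:\Users\Admin\Desktop\~$notes.docx.tmp"))     # matches, but one file
    events.append(("2024-11-12T17:56:41Z", 2216, r"C:\Windows\System32\msiexec.exe",
                   r"C:\Windows\Installer\MSI7A3F.tmp"))            # no inner extension
    return events


def find_bulk_tmp_writers(events, window_s=60, min_files=20, min_dirs=3):
    """Return {pid: (image, files_in_window, distinct_dirs)} for processes whose
    '<name>.<ext>.tmp' creations exceed both thresholds inside one sliding window."""
    per_proc = defaultdict(list)
    for ts, pid, image, target in events:
        if TMP_BESIDE_ORIGINAL.match(target):
            per_proc[(pid, image)].append(
                (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), target))
    hits = {}
    for (pid, image), rows in per_proc.items():
        rows.sort()
        j = 0
        for i in range(len(rows)):
            while j < len(rows) and rows[j][0] - rows[i][0] <= timedelta(seconds=window_s):
                j += 1
            chunk = rows[i:j]
            dirs = {t.rsplit("\\", 1)[0] for _, t in chunk}
            if len(chunk) >= min_files and len(dirs) >= min_dirs:
                hits[pid] = (image, len(chunk), len(dirs))
                break
    return hits


EVENTS = constructed_events()

if __name__ == "__main__":
    for pid, (image, n, d) in find_bulk_tmp_writers(EVENTS).items():
        print(f"pid {pid}: {n} .tmp files beside originals in {d} directories -> {image}")
```

The inner-extension pattern is a precision knob, not the detector: the Windows 10 run shows the sample also writing ...\WidevineCdm\LICENSE.tmp, which this pattern skips, but with thousands of creates the threshold still trips. Installers and updaters writing under Program Files are the main false-positive source and are best handled by an allow-list keyed on signed image path rather than by raising the thresholds.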

System Location Discovery: System Language Discovery (discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe

This key holds the system default locale. Ransomware families commonly read it to skip machines in certain locales, but the same key is touched by ordinary locale-related Windows API calls, so a single key-open says nothing about what the sample does with the value. A breakpoint after the read, or a re-run with the guest locale changed, would settle whether it gates execution.

Processes

C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe"

No child processes were recorded; the file activity above is attributed to the sample process itself.

Network

No network activity was recorded in this run (network capture window: 18s).

Files

memory/2860-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2860-27-0x0000000000400000-0x000000000040A000-memory.dmp

Two dumps of the same 40 KiB image region of process 2860, one at the start of the run and one later. UPX unpacks into the same mapped image it was loaded at, so the later dump is the one to carve the unpacked code from.

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
MD5: 9e64c3b24e4d1055e6eacbff623122fa
SHA1: 21ffdde184830efb4c70fdba90f971ef0c6f6b97
SHA256: cca952d41ace9b41ece6ba81ee24d9fe9d32c503ca931aca77bc5e35565cbfcc
SHA512: bd94a26b56fec662ac35e21edb88db2b713c9ecbfa105490413dfa7de369d00e5a0a78e0027f99439a99ad160f255a59cdfeafb29dec98fc64ff052df367fe88

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
MD5: 866061d9adbc337bb6f9832cd79a34c1
SHA1: 853bcf435557d6b360abd1254764f0619005e628
SHA256: 3a320df9d9e8275ccea6fb424708ee35b8d53c387dd23b1585e4aa39ca261328
SHA512: a584a6a09cd8fc23823bfc77140e9675e4efe5f66f0b32d8f77f54ef92910135b39d043d84358dfea735aa1319a6a968e0a066d5868c3853ecbae077d33d4f06

These hashes identify the .tmp files the sample wrote, not the sample; treat them as run-specific unless the .tmp content turns out to be a plain copy of the original. The two paths also show that the activity is not limited to Program Files: the recycle bin and the Office installation cache were written as well.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-12 17:56
Reported: 2024-11-12 17:58
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe"

Signatures

Renames multiple (4639) files with added filename extension (ransomware)

UPX packed file (upx)
No indicator rows were recorded for this signature.

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe
Target (every row): N/A
Description (every row): File created. Each path below is the name of an existing file in the guest image with .tmp appended; note LICENSE.tmp, an original with no extension of its own.

C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp
C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp
C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp
C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp
C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\LICENSE.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\hu.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp

System Location Discovery: System Language Discovery (discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe

Same locale key read as in the Windows 7 run.

Processes

C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe"

No child processes were recorded.

Network

Every recorded row is a reverse (PTR) lookup sent to the resolver at 8.8.8.8:53. No forward name resolution and no other destination appear, and the table does not attribute the queries to the sample process. Reverse lookups of this kind are typically background noise from the guest rather than sample traffic and are not evidence of command-and-control; a packet capture with process attribution would be needed to say more.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
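PTR names are easy to misread: the octets in "28.118.140.52.in-addr.arpa" are reversed, so the lookup is about 52.140.118.28, not 28.118.140.52. The block below is an added example, not the sandbox's own tooling; it copies the twelve rows above, decodes each name back to the address being asked about, and summarises what the table does and does not show (destinations contacted, forward lookups, private-range targets). It decodes the names only; it does not resolve anything, and attributing the addresses to an owner or ASN is a separate WHOIS step.

```python
"""Triage of the behavioral2 Network table: decode IPv4 PTR names and summarise
what was and was not observed. Added example; NETWORK_ROWS is copied from the table."""
import ipaddress

NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "28.118.140.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.210.232.199.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "14.160.190.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "209.205.72.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "97.17.167.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "200.163.202.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "198.187.3.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "83.210.23.2.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.214.232.199.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "13.227.111.52.in-addr.arpa", "udp"),
]


def ptr_name_to_ip(name: str) -> str:
    """'28.118.140.52.in-addr.arpa' -> '52.140.118.28' (the four octets are reversed)."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 PTR name: {name}")
    # IPv4Address validates each octet and raises on garbage
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))


def summarize_network(rows) -> dict:
    """Split the table into reverse lookups (decoded), forward lookups, destinations
    actually contacted, and any decoded address that falls in a private range."""
    summary = {"destinations": set(), "reverse_lookups": [],
               "forward_lookups": [], "private_targets": []}
    for _country, dest, domain, _proto in rows:
        summary["destinations"].add(dest)
        if domain.lower().endswith(".in-addr.arpa"):
            ip = ptr_name_to_ip(domain)
            summary["reverse_lookups"].append(ip)
            if ipaddress.ip_address(ip).is_private:
                summary["private_targets"].append(ip)
        else:
            summary["forward_lookups"].append(domain)
    return summary


if __name__ == "__main__":
    s = summarize_network(NETWORK_ROWS)
    print("destinations contacted:", sorted(s["destinations"]))
    print("forward lookups:", s["forward_lookups"] or "none")
    print("reverse lookups for:", ", ".join(s["reverse_lookups"]))
    print("private-range targets:", s["private_targets"] or "none")
```

An empty forward-lookup list together with a single destination (the resolver) is the shape of background noise; a sample that beacons shows up as forward lookups for its domains followed by connections to the answers, neither of which this table contains.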

Files

memory/3520-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3520-686-0x0000000000400000-0x000000000040A000-memory.dmp

Two dumps of the same 40 KiB image region of process 3520, one at the start of the run and one later; as in the Windows 7 run, the later dump is where the unpacked code should be read.

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp
MD5: dd51cbc48fe102b4b60671b8763b7ffd
SHA1: 75116fc6da693a0b6ad3bd528837266e9894bd63
SHA256: d795f70a1bfc89e2c9fff4b49e751f18c5b91e147f37d553411b4e35e0fb84f9
SHA512: 774ae7a49150b88e7b515dd50c2f28cd7c342b5a8bae456fc4783532c935f8db2203a1dabc7015e4fccfbceba058617783b04dd853faa3738a2f98cc6dff61db

C:\Program Files\7-Zip\7-zip.dll.tmp
MD5: 0bfdf9b294c5dd53d43de4eec361bcbb
SHA1: ac500c3bb82c29411952f4d4dbce073b314b83f1
SHA256: 5e9db42dd2b2b4e3e626c61b9d4772d16aa93341000083ad613cebdb6f43d434
SHA512: 97dca99c6cd4dfa9bde45b7bca75b3ea6a6dcd6ed3b27d06128d088d1137181bd926256cdd95000a003b49f57dcb7438dc470e6bc46edc24ed757639f24a53aa

The desktop.ini.tmp written in this run hashes differently from the one in the Windows 7 run (MD5 dd51… here, 9e64… there). Whether that reflects different source files on the two guests or per-run transformation of the content is exactly the question to answer by diffing a .tmp against its original; until then these hashes are artefacts of the run, not indicators for the sample.