Malware Analysis Report

2024-12-07 10:00

Sample ID: 241114-2zvfasyjgk
Target: 6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511
SHA256: 6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: 6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511

Threat Level: Likely malicious

The file 6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4537) files with added filename extension

Renames multiple (1178) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 23:01

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 23:01
Reported: 2024-11-14 23:04
Platform: win7-20241010-en
Max time kernel: 150s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe"

Signatures

Renames multiple (1178) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tt.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\OmdProject.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\7-Zip\Lang\br.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ast.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\7-Zip\Lang\az.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe

"C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe"

Network

N/A

Files

memory/2208-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 447f69984adf2add4725ec9383e265da
SHA1 7a3153ec0d8a69cd9e1b424ae68d0ef344bc4798
SHA256 90518d0fac1e5f2f4fe2d9fe42028af9e88b474cb6e17d17d9edda53b016324a
SHA512 28f06b1bbb07e7902bb68556a16442e39d2ec4a0ea28cbc69001e1c2653aca075eb7c700b87c9c9db6a3bf94e36c8bad30bd7d7e52f423f28ff6c771ac7643c9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5ea63ae9edfe3e9be8beeef10b34cee6
SHA1 f360006c47d4b94e6f13fe209266d75ee4cf3c7d
SHA256 d0ade2aa4aaaa58fdba7861ae5444644a5c1cea5c9f41cc10d31efd4e48086d5
SHA512 6d5542a901f37971c6e7811a44dec00b62d8e5b1cb64a28b966fa69c84d91bb76fbe74283fc8f491d9686f0f116b62b76249b5a670a868b33b962936feee46e8

memory/2208-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 23:01
Reported: 2024-11-14 23:04
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe"

Signatures

Renames multiple (4537) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Internet Explorer\images\bing.ico.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\eventlog_provider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe

"C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 85.49.80.91.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp

Files

memory/2400-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 39c66ef4669f331cdf483577c1171c45
SHA1 f7af6c11b3a2ac968bd56b4427a8e70af6e15a1d
SHA256 1fa01741d0d84e61300baf9ec176aa09012dbdcd1fb0faf27e70eb2206e49517
SHA512 d6363276d596e737d3907eb370973ad23c780d92647e730baeb88756284f658df386db4c04371e321d98a21b58e5d52cd7a7740ff3c1a669f1cc5efd44b834a3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ef2913b297fe7ace563b736a41ecb2c3
SHA1 6cee6b0206a8840b1999d18d1b09be8245ebcbe4
SHA256 0040a8974f401b1aeca588310fbd78edaf4065590ae80cea0be62972b68ce2ff
SHA512 a4c6541bf96a93279eb33ab9334638c665369e4f2e7a7c8e126edc17ca072f6f65edc6e413b68c4ae5bcf20af70157a9a1fef2611f551adde8f881e401d1192f

memory/2400-642-0x0000000000400000-0x000000000040A000-memory.dmp