Malware Analysis Report

2025-01-03 08:32

Sample ID: 240610-24wh6avdpl
Target: 6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7
SHA256: 6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7
Tags: upx, ransomware
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7

Threat Level: Known bad

The file 6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7 was found to be: Known bad.

Malicious Activity Summary

Tags: upx, ransomware

static1 (static scan): UPX packed file; UPX dump on OEP (original entry point); Unsigned PE
behavioral1 (win7-20240221-en): UPX dump on OEP (original entry point); Renames multiple (3697) files with added filename extension; Drops file in Program Files directory
behavioral2 (win10v2004-20240508-en): UPX dump on OEP (original entry point); Renames multiple (5277) files with added filename extension; Drops file in Program Files directory

The "Drops file in Program Files directory" hits are not a second payload: every row recorded under that signature is an existing file written back as <original name>.tmp next to the original, which is consistent with the intermediate step of the same write-then-rename loop that the rename signature counts. The higher count on the Windows 10 image is consistent with its larger installed-software footprint (Office, .NET, Java) rather than with different behaviour.

MITRE ATT&CK

N/A (the sandbox mapped no techniques for this sample). As an editorial mapping rather than sandbox output, the recorded behaviours correspond to T1027.002 (Obfuscated Files or Information: Software Packing) for the UPX layer and T1486 (Data Encrypted for Impact) for the mass rename with an added extension.

Analysis: static1

Detonation Overview

Reported: 2024-06-10 23:08

Signatures

UPX dump on OEP (original entry point)
Description / Indicator / Process / Target: N/A (no indicator rows recorded)

UPX packed file (tag: upx)
Description / Indicator / Process / Target: N/A (no indicator rows recorded)

Unsigned PE
Description / Indicator / Process / Target: N/A (no indicator rows recorded)
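The three static signatures above reduce to header facts a triage script can check directly. What follows is an added example, not part of the sandbox or of this report: a stdlib-only Python walk of the PE headers that lists section names and per-section entropy and checks whether the Authenticode certificate table (data directory index 4) is populated. The images it builds (build_sample_pe, PAYLOAD, PACKED, CLEAN) are constructed test fixtures, not this sample; the UPX0/UPX1 hollow-section layout and the 7.0 bits-per-byte entropy cut-off are the usual stock-UPX heuristics and are assumptions here.

```python
"""Static triage for the 'UPX packed file' and 'Unsigned PE' signatures.

Added example (not the sandbox's own code). Pure stdlib: walks the PE headers,
reports section names, per-section Shannon entropy and whether the Authenticode
security directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) is populated.
"""
import hashlib
import math
import struct

SECURITY_DIR = 4  # index of the certificate table in the optional-header data directories


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Minimal PE32/PE32+ header walk; raises on anything that is not MZ/PE."""
    if blob[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, fh)
    opt = fh + 20  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", blob, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)  # data directories: PE32 / PE32+
    _, cert_size = struct.unpack_from("<II", blob, dd_off + 8 * SECURITY_DIR)
    sections = []
    sh = opt + opt_size  # first IMAGE_SECTION_HEADER
    for i in range(nsec):
        name, vsize, _, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, sh + 40 * i)
        raw = blob[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": machine, "sections": sections, "has_cert_table": cert_size > 0}


def triage(blob: bytes) -> dict:
    """Apply the packing and signing heuristics to a parsed image."""
    pe = parse_pe(blob)
    names = {s["name"] for s in pe["sections"]}
    # Stock UPX: UPX0 has no raw data but a large virtual size (the unpack target),
    # UPX1 carries the compressed payload and therefore scores near 8 bits/byte.
    hollow = any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in pe["sections"])
    high_entropy = any(s["raw_size"] > 0 and s["entropy"] > 7.0 for s in pe["sections"])
    return {
        "upx_section_names": bool(names & {"UPX0", "UPX1", "UPX2"}),
        "upx_packed": bool(names & {"UPX0", "UPX1"}) and hollow,
        "high_entropy_section": high_entropy,
        "signed": pe["has_cert_table"],  # presence only; validity needs a chain check
        "sections": pe["sections"],
    }


def build_sample_pe(section_specs, signed=False) -> bytes:
    """Constructed PE32 skeleton for offline testing (headers only, not runnable code).
    section_specs: [(name, raw_bytes, virtual_size), ...]"""
    nsec, opt_size, e_lfanew = len(section_specs), 224, 0x40
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    body, sec_hdrs, va = b"", b"", 0x1000
    for name, raw, vsize in section_specs:
        ptr = hdr_len + len(body) if raw else 0
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                vsize, va, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        va += max(vsize, 0x1000)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    if signed:  # point the certificate table at a (fake) trailer so the directory is non-empty
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, hdr_len + len(body), 0x800)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_hdrs + body


# Deterministic high-entropy payload standing in for a UPX1 compressed section (constructed)
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PACKED = build_sample_pe([("UPX0", b"", 0x8000), ("UPX1", PAYLOAD, 0x1000), (".rsrc", b"\0" * 256, 0x100)])
CLEAN = build_sample_pe([(".text", b"\x90" * 1024, 0x400), (".data", b"A" * 256, 0x100)], signed=True)

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("clean", CLEAN)):
        print(label, {k: v for k, v in triage(blob).items() if k != "sections"})
```

Two caveats a practitioner should keep in mind. Section names are trivial to rename, so a UPX build with the names stripped defeats the name test but not the combination of a hollow first section and a near-8-bit payload section. And "signed" here only means the certificate table is present; whether the signature verifies and chains to a trusted root is a separate check (signtool verify or Get-AuthenticodeSignature on Windows). The "UPX dump on OEP" artefact is the image to run this over a second time: the section names survive in a memory dump, but the hollow-section and high-entropy tests should clear once the unpacked code is in place.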

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 23:08
Reported: 2024-06-10 23:11
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe"

Signatures

Renames multiple (3697) files with added filename extension (tag: ransomware)

UPX dump on OEP (original entry point)
Description / Indicator / Process / Target: N/A (no indicator rows recorded)

UPX packed file (tag: upx)
Description / Indicator / Process / Target: N/A (no indicator rows recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\EnterStop.vstm.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Internet Explorer\perf_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Portable Devices\sqmapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
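The rows above all share one shape: an existing file under Program Files is written back as <name>.tmp, and the rename signature then counts the follow-up rename to a new extension. The block below is an added example of that heuristic, not the sandbox's own detection code. It replays a constructed file-event stream (the pid<TAB>op<TAB>path[<TAB>newpath] layout is an assumption) and flags a process that renames many distinct files to <original name>.<new extension>, pairing each with the <original name>.tmp it wrote first. The ".locked" extension in the sample data is made up; this report does not record which extension the sample appends.

```python
"""Replay of the 'Renames multiple (N) files with added filename extension' heuristic.

Added example, not the sandbox's own detection code. Walks file-system events
(constructed below; the pid<TAB>op<TAB>path[<TAB>newpath] layout is an assumption)
and flags a process that renames many files to <original name>.<new extension>,
pairing each with the <original name>.tmp it wrote first. The '.locked' extension
is made up for the sample data; the report does not say which extension is used.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath


def added_extension(old: str, new: str):
    """Return ext when new == old + '.' + ext; None for extension swaps or moves."""
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    if len(tail) < 2 or tail[0] != "." or "\\" in tail or "/" in tail:
        return None
    return tail[1:]


def analyze(events: str, threshold: int = 50) -> dict:
    """Per-pid summary: distinct files that gained an extension, the dominant extension,
    how many were preceded by a sibling .tmp, and the most affected top-level directories.
    The threshold is a placeholder; the sandbox does not publish its cut-off."""
    state = defaultdict(lambda: {"renamed": set(), "exts": Counter(), "tmp": set(), "dirs": Counter()})
    for line in events.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        pid, op, path = int(fields[0]), fields[1], fields[2]
        st = state[pid]
        if op == "create" and path.lower().endswith(".tmp"):
            st["tmp"].add(path[:-4])  # remember the original name the .tmp shadows
        elif op == "rename":
            ext = added_extension(path, fields[3])
            if ext is not None:
                st["renamed"].add(path)  # distinct originals, so retries do not inflate the count
                st["exts"][ext] += 1
                st["dirs"][str(PureWindowsPath(*PureWindowsPath(path).parts[:2]))] += 1
    report = {}
    for pid, st in state.items():
        n = len(st["renamed"])
        ext = st["exts"].most_common(1)[0][0] if st["exts"] else None
        report[pid] = {
            "renamed_with_added_ext": n,
            "dominant_ext": ext,
            "tmp_then_rename": len(st["renamed"] & st["tmp"]),
            "top_dirs": [d for d, _ in st["dirs"].most_common(3)],
            "ransomware_like": n >= threshold,
        }
    return report


# Constructed event stream. The first two victim paths mirror entries in the report above.
VICTIMS = [
    r"C:\Program Files\7-Zip\Lang\eo.txt",
    r"C:\Program Files\Internet Explorer\perf_nt.dll",
    r"C:\Users\Admin\Documents\budget.xlsx",
    r"C:\Users\Admin\Pictures\holiday.jpg",
    r"C:\Users\Admin\Desktop\notes.txt",
    r"C:\Users\Admin\Music\track01.mp3",
]
SAMPLE_EVENTS = "\n".join(
    [f"1728\tcreate\t{p}.tmp\n1728\trename\t{p}\t{p}.locked" for p in VICTIMS]
    + [  # benign noise from another process: a move and an extension swap, neither counts
        "2044\trename\tC:\\Users\\Admin\\draft.txt\tC:\\Users\\Admin\\final.txt",
        "2044\trename\tC:\\Users\\Admin\\scan.docx\tC:\\Users\\Admin\\scan.pdf",
    ]
)

if __name__ == "__main__":
    for pid, summary in analyze(SAMPLE_EVENTS, threshold=5).items():
        print(pid, summary)
```

Counting distinct originals rather than raw events keeps retries from inflating the number, and requiring the appended-extension shape (the old path is a strict prefix, followed by a single new suffix) keeps ordinary saves and extension swaps out. In production the create side can come from Sysmon Event ID 11 (FileCreate) and the rename side from an EDR or ETW file-rename stream; the report's own counts of 3697 on Windows 7 and 5277 on Windows 10 are far beyond any sensible threshold.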

Processes

C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe

"C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe"

Network

N/A

Files

Memory dumps of the PID 1728 image region 0x0000000000400000-0x000000000040A000 (a 40 KB region; the "UPX dump on OEP" signature refers to the capture of this region taken once the unpacker had reached the original entry point) and dropped files, listed with hashes:

memory/1728-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 20bac7588f38f95504229763e2461744
SHA1 ef9909ba1a2f75bc5414cee7d0955294c3253734
SHA256 c160be0ca8e2f5ff9dff46cbebf031a8d3b372305acd0dc86e7fae5f93a93e0d
SHA512 fd23d07075656f633949e137393bab056ddf0b1df9848e41d80254fedd93c3e47a3725d117d667c1cece7dfe482f867675adbaeedf5dbc72980601448fae3b62

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 76b0ade0452d9976cdc976b6cac6aa05
SHA1 7a501c7452aae66641e6e8e62b039289c6fabecf
SHA256 39ed9560851c0878de2e16cefcfd63a31ce9119c491a44ffe6de7c69ca6ad34a
SHA512 ed9166ea8f80e140ea3cd44863f6975d64311dc9b5cbff985b50eb3be1cefb4e1a2eccbdcf94b92b5b9538599012103333b90819f87113f850b8d2289865f58f

memory/1728-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 23:08
Reported: 2024-06-10 23:11
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe"

Signatures

Renames multiple (5277) files with added filename extension (tag: ransomware)

UPX dump on OEP (original entry point)
Description / Indicator / Process / Target: N/A (no indicator rows recorded)

UPX packed file (tag: upx)
Description / Indicator / Process / Target: N/A (no indicator rows recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe

"C:\Users\Admin\AppData\Local\Temp\6b58b78e0e866d639870383e139fbc55d0f812f72ba4a21256e3dbb922f340d7.exe"

Network

N/A

Files

Memory dumps of the PID 732 image region 0x0000000000400000-0x000000000040A000 (the same 40 KB region as in behavioral1; the "UPX dump on OEP" signature refers to the capture taken once the unpacker had reached the original entry point) and dropped files, listed with hashes:

memory/732-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 f64e663e67870b5326325c743c0b3d5f
SHA1 91d7b74b7900ddb2ac275428f702e88519fb8c3d
SHA256 85e7bbd76677b22afdb637a2d1bacdc241cc722286faf0602e8a5c1c5111f73d
SHA512 9d9edfd746d52e79db198e47bc5f4354a46d25f4da6f84614df5c08c4e7e0cef2cdff8545c8fba3882dcfcea861124b24a7202dd12d9ea22d65f9d48a22916ee

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 87f9daef9c10588013e7bea28ba1fe0a
SHA1 72188600084e35b1665e11f4eabcf550718d5671
SHA256 511f1153291db1dd44746cb40c5578596e64ca4eb1c885852664a21818b0485d
SHA512 0a4e3e96097bc937bd7b338f5d16510172d4795fdd7131e4e25f97b7f5963f9906adc94bf0dc3916c1edac9eac8b85d829515ba3f043e093eed7673b3b278bcc

memory/732-1216-0x0000000000400000-0x000000000040A000-memory.dmp