Malware Analysis Report

2025-03-15 08:14

Sample ID 241016-gj3rhszfkp
Target d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e
SHA256 d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e

Threat Level: Likely malicious

The file d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4732) files with added filename extension

Renames multiple (3507) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:50

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:50

Reported

2024-10-16 05:53

Platform

win7-20240903-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe"

Signatures

Renames multiple (3507) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe

"C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe"

Network

N/A

Files

memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 d25e67093bb32af316360a9e6ae42fa8
SHA1 cdd4f55793a0d89195ce3d840830cb39c7a2bc89
SHA256 33f60b5982662a5e67cb56f47fb7003287ac220a270750c924b6b56d54110232
SHA512 4fbf160a015ec8b0f78fbc53a5fbba6ff7e82b7c997293f66596a34f2a29797ceb488dfc3956851e24386caec444c30930768450de83bbf93df68aa56e4e5c20

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5e8993741f9d8e9e2c6b0fad380a924b
SHA1 83ea85f8befee6885764bcdacfb08cd9f39675ed
SHA256 6b9348558e0a3f5037d5ad2231eb03505da98df74f1c652a08a5f9a0f869ade0
SHA512 a3f79c1fc34aa458c87445ef84ac3e5e169c46f2fcaa290ee6e54c312fad7692bcb31e72f7667c2038b32dce09ebd19555922b074f1ce95ae9f039d199ee3dc7

memory/1708-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:50

Reported

2024-10-16 05:53

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe"

Signatures

Renames multiple (4732) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe

"C:\Users\Admin\AppData\Local\Temp\d52df29d0318689c112e1d32617f23fd51be4844c3da014c494cacf4c33ac07e.exe"

Network

Country Destination Domain Proto

Files

memory/2968-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 5674898d0c5b880996af7853de8e4df1
SHA1 739f81210588da265c71003482f2def57bfad423
SHA256 4606fc150c3777212d6494c65c2ce4d417d3e6df2d862a132199a726f2de712b
SHA512 77b7d414f162a3f9471267be48cd828b2796e249f7e760e854dc7806a14adde3e18bc814182f6474b1d8943ae801189141d68c644fb673c938488f9252267d69

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dbb2dddb989712e41aad1904bed5b68a
SHA1 7ed03cf4aa308034e86069f845a55138eda72079
SHA256 a26bc84b5404dd249676c974da3063ba8fe26c0fb4062cc7503891ea451340e1
SHA512 b9269fd7e776eb2a5fd5926f4c94ec51f52bac3bef01eb6f376d0e00baf238902170b033b0a47739c78c084247c84f00b8874543f8a26efcf0f29072b90ea495

memory/2968-650-0x0000000000400000-0x000000000040B000-memory.dmp