Malware Analysis Report

2025-01-22 20:14

Sample ID 241016-zftnjs1gmf
Target 6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N
SHA256 6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7
Tags discovery ransomware upx
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256 6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7

Threat Level: Likely malicious

The file 6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3262) files with added filename extension

Renames multiple (4629) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-16 20:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 20:40
Reported 2024-10-16 20:42
Platform win7-20240903-en
Max time kernel 120s
Max time network 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe"

Signatures

Renames multiple (3262) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsink.ax.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe

"C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe"

Network

N/A

Files

memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 e6f2e9948ffd87475b67a66348184a75
SHA1 4fda862ebbfa3521e3e2718f6c24da5e760f2047
SHA256 aac75f66df408fc5bd431087fbb696ae706483c102a729ac00d07b2c73d24ac9
SHA512 2319cca2ea28b54057a3e983f8bb1cfe563ab05379ae0b1f7c077709e4beeaa2d22e1fcab27b34e4b422db00276ceaebea3634775617761662bae4ca8654b59c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2016ae02af74db6d23928b280786e04e
SHA1 691d92e822cbd37d44a4611d1a3b50a4975a2edf
SHA256 c5b6995f9f346dc222bd2977c71ade60288288b00e298ce681c0d1d48542e15a
SHA512 a9bdf7fd029e042c8ddbcf716386ca2d3a45d2bc2c460b9e875c10e8f0e05a3d019a1da08551e30467b0ada8499ba7ebbe2bff5b0316599a8021fe4801d720c9

memory/2384-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 20:40
Reported 2024-10-16 20:42
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe"

Signatures

Renames multiple (4629) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe

"C:\Users\Admin\AppData\Local\Temp\6152b20fc3826a116dc280c97657032995ae5236b1dd63203c1d7ace19fafdb7N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/2236-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 c9e0f67af868adfdca7a0fa0a8504ff1
SHA1 2b3cad61203a6c33aea99347eceaf804dca84b8f
SHA256 b152a838e5556f0f0b88aedc4e7ad6cf3ebf921845bac28f866e5408884ab9fb
SHA512 b448b30b7ca0ecb4960d21449659760bdc527f8fb4e0396ce42543fc9249caa5fc3d6e83c71905aaaf1295221c9227042ca9f3a2652f73e855e688bc582f05ee

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a9db3708c0ac691d02ab53f7960aa772
SHA1 75866f4b9ea1f1bd221aaa20bc1756f58883b763
SHA256 dadf4d3912e88dbbc4bca2eadcc6d745168056c4dd6162535bd18ddc213f45f9
SHA512 c8280b7eb8c75e521b965d9e3c9041940448916effe2e3383097da00a239bc60340782d341bcbb3fc9f7c8cbb0f3417e837df1baa0519287ecb69748022dce74

memory/2236-770-0x0000000000400000-0x000000000040A000-memory.dmp