Malware Analysis Report

2025-03-15 08:22

Sample ID 241020-2w77zsveqd
Target 6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12
SHA256 6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12
Tags
upx discovery ransomware
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file 6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3455) files with added filename extension

Renames multiple (4855) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 22:57

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 22:57

Reported

2024-10-20 22:59

Platform

win7-20240729-en

Max time kernel

150s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe"

Signatures

Renames multiple (3455) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe

"C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe"

Network

N/A

Files

memory/1096-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 96d09c9251d338e06e55de9dddce4b64
SHA1 c8b7a0f043feb7c0bf67c4f6c2073d208053150a
SHA256 9d0c1605a61b06bb77766cc2d9185bb3d8d5e711f936f333846bae8314f4269f
SHA512 cbf74c0c85dfbff8e14dc3b8e5b915727961e17315e491289cd488723498b53b396b5125be3436b00f8599e926065607b9e9565375c635cba342dfe3b10329df

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 45bf449120d3d99eb6bf14a3e5a3548b
SHA1 e3cef15f06578f896b77add67948631efe1a4f93
SHA256 5410038cb4ff7e3124f1b19381b666a5176cec108d2ae76036f5fe59a73c566b
SHA512 25d46fe9405091ee46fc54c97a42919e113b75ad6142ea9ad6f8145ea82619d6eecb3078eb61e2b8033559d1b7800aac76bde11721d79e6612da3e8eee595e6e

memory/1096-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 22:57

Reported

2024-10-20 22:59

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe"

Signatures

Renames multiple (4855) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe

"C:\Users\Admin\AppData\Local\Temp\6952ed01a32773094aa157a45b89ac0ace337d1d0c798c9a0b68da4ccfb88f12.exe"

Network

Files

memory/2720-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 f83da758d4cc40c28f77fe81c8371642
SHA1 fdab191742b56175a7ef4ff0ac7ede0335472d5a
SHA256 8579064860686c7450f4ef65b6429c3c9ae7879f1731cac4e55af7cd05e82e76
SHA512 5f4af7c18d50b62654fc5e36cf91fbea42c3bf8e5d11a6c89adb74f62cb1a94108d5a511982128af7aa3899416b5548b1daab5a07d6c11742c5d07ae5f0f7d13

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a89795a66dc81221c57bbb62e27be4f3
SHA1 d9f086520a7466733176df63dad2160de789603d
SHA256 fee37727968932be91988fa6ad30b1917f55acd522235b95603799df3ea543cf
SHA512 8079113d90ca3f014177e3f1b75430beeb920055441aff63db2c99146349dbffbf92c97bd9fcdb8ecda466e88f6540c878a2c0a84b8bd5e0ad385a35a375cced

memory/2720-664-0x0000000000400000-0x000000000040B000-memory.dmp