Malware Analysis Report

2025-03-15 08:22

Sample ID: 241020-3gt79aybkm
Target: 7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608
SHA256: 7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608
Tags: upx discovery ransomware
Score: 9/10


Analysis Overview

Score: 9/10

SHA256

7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608

Threat Level: Likely malicious

The file 7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3513) files with added filename extension

Renames multiple (4701) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 23:29

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 23:29
Reported: 2024-10-20 23:32
Platform: win7-20241010-en
Max time kernel: 149s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe"

Signatures

Renames multiple (3513) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe

"C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe"

Network

N/A

Files

memory/1668-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 183ee78090f8863369616e540a8537e5
SHA1 1093c7d5560118381717a4d15be8c9ad99d4b162
SHA256 5a9799980eb5e3a96e6f2244366615ad45e8ea80bfa9def9141dd0c49feec544
SHA512 d41737bd020320e7e4e45965a6ccb905d7d36f511270a8c8f2d15f8756f9bf85a170429d31d3bb74d15aa87f5fbe80cd8695bff4725414a8b31d2c6035eb6c40

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 505413d61c280a7e2de7de0f623075af
SHA1 72cec4e2f544d9be059078efbbf3e1e1063278b0
SHA256 08e8a2620940bd42101dd3df881b66485cefe09921da491e33bd71f9083d781c
SHA512 9a3a48680d80d10c9f96ea71cc16fa1285c64a2dc896752d30610e71a5fa8f55fa2da4543da72046b751abda429ff938335db94b9a31505a7127f3ee6664803c

memory/1668-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 23:29
Reported: 2024-10-20 23:32
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe"

Signatures

Renames multiple (4701) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe

"C:\Users\Admin\AppData\Local\Temp\7546069fc42a756cde82606b31a196cf236d1a6aed90fa6289afbcb8a1b1a608.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

memory/3420-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 1e149898828214627a0ffa4582d3735f
SHA1 082d621636648ec580c25a472d0dbf3b0ddbd560
SHA256 5cf110d69269c352a47681bd0ca0ef2272ea33663f9a335b2c30ae8af50d7084
SHA512 0aa1a2bec98b8c0b6ff783cacead7740099a7cb19358051465e513adf4d5dd828d252d448608c9f8a7a5536da938d54774915a257dfd0c9b4388049ae86c1ce9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1047b5b8d763dc40ba4887f7df376448
SHA1 12b3d86543dd167553392112dfaabab3992f272b
SHA256 74a3cb188901f4a82d8ed7314c73dba769bb2a1938f7576de0f1364e41f698f8
SHA512 2e0e778d396e10f0273961193afc84c9fe43badab54fbded1626445372c5e89ee02353681637c906b87b2452d031b222837bf4ad1113309db81a988dd7046027

memory/3420-655-0x0000000000400000-0x000000000040A000-memory.dmp