Malware Analysis Report

2025-08-05 23:15

Sample ID 250115-18nhnsxlat
Target 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33
SHA256 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33
Tags
upx credential_access discovery ransomware spyware stealer
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33 was found to be: Likely malicious.

Malicious Activity Summary

upx credential_access discovery ransomware spyware stealer

Renames multiple (19866) files with added filename extension

Drops file in Drivers directory

Credentials from Password Stores: Windows Credential Manager

Reads user/profile data of web browsers

Drops startup file

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Browser Information Discovery

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported

2025-01-15 22:19

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-15 22:19

Reported

2025-01-15 22:34

Platform

win10v2004-20241007-en

Max time kernel

900s

Max time network

431s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe"

Signatures

Renames multiple (19866) files with added filename extension

ransomware

Drops file in Drivers directory

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_06.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinTranslator.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

Drops file in Windows directory

Description Indicator Process Target

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe

"C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe"

Network

Country Destination Domain Proto

Files

memory/3948-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 dcd592b3a6cdaff0d6f2b61e26bdd041
SHA1 5b6d8abe031bbd87095daf4b40f1098c6fcc48d6
SHA256 cdf630c2ae09f7ab7149f9e146b6ad9ce311eb0e51a7523de2b8a1617cb9085d
SHA512 88a440a2c13553f7484604e5b362b4a8e8d8837d035f1ab58e9f96b53f76974303461b97b171fdf941b4d24023e3576f5397f790e063d23f0402f73429b104e3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a634e42afbbfdb77be885e764b3bf116
SHA1 782babd8659b23c94b3e6a4bef640e28e3a1be2c
SHA256 076f5e18738f93f194420454a665bda884ea906f6a4563d66452080e6517bac2
SHA512 5c0e2f47eba5b0e360810224e2936efe7a53d66667aa66bc8dbbd93297346969fff6044b70d5c39b223bc4166b8e261d3eafb5732a772b4d5191985b8ca0f67b

memory/3948-778-0x0000000000400000-0x000000000040B000-memory.dmp