Malware Analysis Report

2025-01-22 19:56

Sample ID 241016-wpmd2sxfkl
Target 0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN
SHA256 0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9e
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9e

Threat Level: Likely malicious

The file 0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (1171) files with added filename extension

Renames multiple (2187) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:05

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:05

Reported

2024-10-16 18:07

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe"

Signatures

Renames multiple (1171) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe

"C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe"

Network

N/A

Files

memory/2288-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 5eb1387f635d3ca8f0cf0e749cbf8e2a
SHA1 627c43dd3137e3159cb4ee66f2fd0b1829913e45
SHA256 024039728e0b4907efa8d08a473134e4672c7b43e144df8d396851b2a8b4173a
SHA512 c65327b86c43d2b7eb9c8baf691a161251010a6167d4e36e0fa4a0141f3a36fde6f4e959db596f96c0fb623a48c6c6095b0e2148948abae645ec6b28f76bbebf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c819e42ef565a00304dfe12850fbf439
SHA1 00e1fc62c808b8700bc5ac1f5ff08808ccf7d76c
SHA256 01e29ff1c6ad32114bad0b2db50cf14293cacd9c3ebb05a4e3403d4478a8cc17
SHA512 3a0a45bbd2a6c6742e9c390d486e5c4439a9b4e2ccf7db00805f68e55e568f58d55ccb804d3e984d9415772d8f8fa40de88638d6e922b5bb95bcdd4f407a1cec

memory/2288-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:05

Reported

2024-10-16 18:07

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe"

Signatures

Renames multiple (2187) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe

"C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/4144-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 7c15f6650fdcd1d159c97a27d0f3c4e9
SHA1 5d1a0464f92e78ffa31c8298acdbeaf0bbebd160
SHA256 faa576d6562eebc739b5d742d7b9beaf387d8d1c56b8c0188f3d0aef8df37bcc
SHA512 cd7bd0260deab5a7366b9d4a82080af52ef585100d3d4a2da7a597ada8ec896a4898a3ab972e6c5f20b5586943da586075d0ff6b9c741b0103d4852127eddf22

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9cbe8ada79bec375447111997b5889d6
SHA1 7ec10507d0152e4849fc70856c075138a9704270
SHA256 25e0d55573fec916e6be5fbbfd5826142726cdcceba2e8b304b2880d5526d797
SHA512 058dbcfafbe2738dbffc82c6b6d32ce61ab7148711111993663260120951f8e7cd943b4c44b7fc134ada6dd9690dd3810bcc6e6a4fa57cf86ef0d15133364bea

memory/4144-429-0x0000000000400000-0x000000000040A000-memory.dmp