Malware Analysis Report

2024-12-07 09:57

Sample ID 241114-ke5xvsvrbv
Target 84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe
SHA256 84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0ef
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0ef

Threat Level: Likely malicious

The file 84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (449) files with added filename extension

Renames multiple (4613) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 08:31

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 08:31

Reported

2024-11-14 08:33

Platform

win7-20241010-en

Max time kernel

120s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe"

Signatures

Renames multiple (449) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe

"C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe"

Network

N/A

Files

memory/2856-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 74f6baff9745f999e7b506bd3b936ad1
SHA1 4e9de484e1d6f58aa4fc6602ead9f507957e8cf6
SHA256 9aff83882ca5e0d3d98b671cb65260b269501249a8003faf0521be9ae9682fc9
SHA512 4a0c642dc733e6615097c8fd02264a7c8524f12b8aa06bf706fc9c179e06430d176620e01362a3b6a40b39dd5efb282336f061ae7934cea9b0c03e48596190da

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e8085820fb55e9f56dd83d4e1c7e9ec5
SHA1 958503caee3f141591ce68dfab0bd0a1ab69a7e3
SHA256 e8257d60ed9bbebdf6c2626505af27879af08fc95172c17f265db5e664833a3e
SHA512 ed9771b850fc9fd350df2e30a2d42030ab6e35859524eaecf9269bc24302c4f59ebf63025683d06d07bf45c7ada27670cd5ad43e3a030f514f3019b81a96bce0

memory/2856-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 08:31

Reported

2024-11-14 08:33

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe"

Signatures

Renames multiple (4613) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe

"C:\Users\Admin\AppData\Local\Temp\84a154013686686c49bc475cb57bb9e4f0fed574bae41f2af220c2889316b0efN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp

Files

memory/4880-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 05163c9e49dab9027189c1aee13d9b02
SHA1 f1b9f6b5b09db156520b16ca610e0efb538eeba0
SHA256 21a987a29662ef0f59401e18ab6aa67a935dc1d1eaab167a8e0e6dd75799d83d
SHA512 89176bfeb2eb64dbbde99d03cca9c52898e91bcdec588b1c652d97f49b948434cef0a8c9f847f3c2c0687ce059bed5f747a161ac9f4918e8061091ae23cc8013

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f0037ab9aded09c30d8d6109ef4e9c07
SHA1 7c83b274476a7f15e1fe0f03beac5dcb2b63233c
SHA256 186ab587712346516cde40e2cc1e3e30395672b61ef09878ad027eac13f8dffb
SHA512 e6d11826c690262b4daaf96ed90fac3445df6f1e6e93749f0ac4aadd38b3bba04489f8c09dd3166887bd95a0b545d29b5ba0b31a6c19585e1ffee2c5e94de634

memory/4880-730-0x0000000000400000-0x000000000040B000-memory.dmp