Malware Analysis Report

2025-08-05 16:59

Sample ID 250127-skb6qsvnbq
Target 130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe
SHA256 130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21

Threat Level: Likely malicious

The file 130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (1927) files with added filename extension

Renames multiple (2532) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-27 15:10

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 15:10

Reported

2025-01-27 15:12

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe"

Signatures

Renames multiple (1927) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\7-Zip\descript.ion.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\7-Zip\Lang\ps.txt.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe

"C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe"

Network

N/A

Files

memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 41e834d3e6edf200986495085d5d4680
SHA1 c99de27d979a563c7a08e30e683ba3dce83731ff
SHA256 ea7a56b1f43942fb7fd2e2defd6b404dbc7d276618d37cbaa7a3967a99dd335e
SHA512 e901e965a2ba9c688e0d9677b0e24663e989a3dcf18d1308a95e228e52b5936f10fc3a9d1ecf6153d879e83d6dc87d8d61b4a7cb57b2fb6ce947431b0e130a65

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 eff03755909631e34058a8dc2934d76b
SHA1 1ab7d98c39b2d87c87c4de843c7fb85e2b198895
SHA256 437e54ff6214f0ce140793f3ffde3794af6ffb4822680d2d9886409384271f1d
SHA512 5519f0d9825b2c61289d86f5b42316b5425050381f439bd65554c62730b761d70d0ab575f73800cc1bc088f1702e38bc3d4f81cb4d3eab42e8b2ae43c68b5576

memory/2068-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-27 15:10

Reported

2025-01-27 15:12

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe"

Signatures

Renames multiple (2532) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_wer.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\FormatRead.exe.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hi.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe

"C:\Users\Admin\AppData\Local\Temp\130dd78932f6d56ad9180f7dd40f04d41bced0bd23502d84edbb2c0b4881ee21.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

memory/1360-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 64e9864eba6684e9bb6b990993e13abc
SHA1 9edd26ce8b82d373173506e50c5333b1238807eb
SHA256 86f55d351b8d558ed123f292646513f351c78e9a5757ebbf38bcdce386e76eea
SHA512 95512f3978e9e433787760fe51b7e686539aa3c932b3f7caae2f53ad8c8f11c1e7ff710a4b008b6c67d756416a2033ba1dfdb954173cc36d062346a00da92893

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 61f36a0b3da3d4d358096da9b0c830c6
SHA1 57a906b03ef25a7d80556fb7cbe5a8ede51aaaa4
SHA256 bce1a5327a072ee21d8ef88e6aadc292b33dca433077f861d9af221299b37a88
SHA512 45d8e59483a3a4a7e0e1fe5e2dd7037ae84362086ae5525ec1afc8ae524255963354ab2519c3629a5a7384bc828c5c204948232523f28ae60f18238d86b5d885

memory/1360-480-0x0000000000400000-0x000000000040B000-memory.dmp