Malware Analysis Report

2025-08-11 01:48

Sample ID: 241005-ydzw4svhka
Target: 9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN
SHA256: 9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5e
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1: Detonation Overview; Signatures
Analysis: behavioral1: Detonation Overview; Command Line; Signatures; Processes; Network; Files
Analysis: behavioral2: Detonation Overview; Command Line; Signatures; Processes; Network; Files

Analysis Overview

Score: 9/10
SHA256: 9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5e
Threat Level: Likely malicious

The file 9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (4307) files with added filename extension (behavioral2, Windows 10)
Renames multiple (2844) files with added filename extension (behavioral1, Windows 7)
UPX packed file
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery

The two file-rename counts are the strongest evidence on this page: a single, unsigned, UPX-packed process touches thousands of files under Program Files and elsewhere within the 120 s kernel window on both platforms, with no child processes and, on Windows 7, no network activity at all.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:40

Signatures

UPX packed file (upx): no indicator details recorded.

Unsigned PE: no indicator details recorded.

On their own these two are weak signals: UPX is a stock packer used by plenty of legitimate software, and a missing Authenticode signature is the norm for small utilities. They matter here only alongside the behavioral evidence in the two detonations below.
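The two static signatures above can be reproduced at the header level. The Python below is an added example, not the sandbox's own rule logic: it parses the section table and the Authenticode (security) data directory out of raw PE bytes, treating section names that start with UPX or a "UPX!" marker as the packer hint and an empty security directory as "unsigned". Because the sample itself is not on this page, the block runs on two constructed header-only fixtures produced by build_header_only_pe, which is a fixture builder and not a real image.

```python
import struct

# Added example, not part of the sandbox report. Header-level checks behind the
# "UPX packed file" and "Unsigned PE" signatures. Both are hints, not proof.

UPX_SECTION_PREFIX = "UPX"
UPX_MAGIC = b"UPX!"       # marker string the UPX stub leaves in packed files
SECURITY_DIR_INDEX = 4    # IMAGE_DIRECTORY_ENTRY_SECURITY


def inspect_pe(data: bytes) -> dict:
    """Parse section names and the security directory out of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 for PE32 (0x10b) and +112 for PE32+ (0x20b).
    dir_base = opt + (96 if magic == 0x10B else 112)
    sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * SECURITY_DIR_INDEX)
    sections_at = opt + opt_size                           # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[sections_at + 40 * i: sections_at + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return {
        "sections": names,
        "upx_sections": any(n.startswith(UPX_SECTION_PREFIX) for n in names),
        "upx_magic": UPX_MAGIC in data,
        "authenticode": sec_off != 0 and sec_size != 0,    # a WIN_CERTIFICATE blob is attached
    }


def static_signatures(data: bytes) -> list:
    """Names of the report's static signatures that this file would trigger."""
    info = inspect_pe(data)
    hits = []
    if info["upx_sections"] or info["upx_magic"]:
        hits.append("UPX packed file")
    if not info["authenticode"]:
        hits.append("Unsigned PE")
    return hits


def build_header_only_pe(section_names, with_signature: bool) -> bytes:
    """Constructed fixture: a minimal PE32 header (not loadable) so the check runs offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                     # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)  # 16 data directories
    dirs = [(0, 0)] * 16
    if with_signature:
        dirs[SECURITY_DIR_INDEX] = (0x1000, 0x800)   # file offset / size of the certificate blob
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = b"".join(struct.pack("<8s", n.encode("latin-1")) + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + secs


PACKED_UNSIGNED = build_header_only_pe(["UPX0", "UPX1", ".rsrc"], False) + b"\0" * 16 + UPX_MAGIC
PLAIN_SIGNED = build_header_only_pe([".text", ".rdata", ".data"], True)

if __name__ == "__main__":
    print(static_signatures(PACKED_UNSIGNED))   # ['UPX packed file', 'Unsigned PE']
    print(static_signatures(PLAIN_SIGNED))      # []
```

A non-empty security directory only says a certificate blob is attached; whether it verifies is a separate question for signtool verify or WinVerifyTrust. Section names are trivially renamed and the marker string can be patched out, so a miss here does not clear a file: per-section entropy or an upx -d attempt is the next step.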

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:40

Reported

2024-10-05 19:43

Platform

win7-20240729-en

Max time kernel

120s

Max time network

20s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe"

Signatures

Renames multiple (2844) files with added filename extension (ransomware)

UPX packed file (upx): no indicator details recorded.

Drops file in Program Files directory

Description: File created (every row). Process: C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe. Target: N/A. Each created path is an existing file's path with .tmp appended:

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp
C:\Program Files\7-Zip\Lang\nb.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp
C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp
C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp
C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp
C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp
C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp
C:\Program Files\7-Zip\7z.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp
C:\Program Files\Java\jre7\bin\klist.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp
C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp
C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp
C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp
C:\Program Files\Java\jre7\bin\servertool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp
C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp
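Read together, "Drops file in Program Files directory" and "Renames multiple files with added filename extension" point to one loop: a file named original-path.tmp appears beside each victim file, and files end up renamed with an extra extension. The Python below is an added example, not the sandbox's signature code, showing how that loop is detected from file events: renames that keep the full original name and append a suffix are counted per process, and the earlier creation of original-path.tmp is kept as corroboration. The events are constructed from twelve paths in the table above and in this run's Files section; the final extension ".locked", the alert threshold of 10 and the benign events from PID 1312 are assumptions, since the report does not name the extension.

```python
from collections import defaultdict
from dataclasses import dataclass

# Added example, not part of the sandbox report. Event records below are
# constructed from paths in this report; ".locked" and the threshold are assumed.

SAMPLE_PID = 2308        # PID encoded in this run's memory dump names
ASSUMED_EXT = ".locked"  # assumption: the report does not name the added extension


@dataclass(frozen=True)
class FileEvent:
    pid: int
    op: str             # "create" or "rename"
    path: str
    new_path: str = ""  # rename destination


ORIGINALS = [
    r"C:\Program Files\7-Zip\7z.dll",
    r"C:\Program Files\7-Zip\Lang\nb.txt",
    r"C:\Program Files\Java\jre7\bin\klist.exe",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar",
    r"C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe",
    r"C:\Program Files\Microsoft Games\Chess\desktop.ini",
    r"C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini",
    r"C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll",
    r"C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
]

EVENTS = []
for _p in ORIGINALS:
    EVENTS.append(FileEvent(SAMPLE_PID, "create", _p + ".tmp"))        # .tmp beside the original
    EVENTS.append(FileEvent(SAMPLE_PID, "rename", _p, _p + ASSUMED_EXT))
# Constructed benign noise from another process: a rename that changes the name
# rather than appending to it, plus an Office lock file.
EVENTS.append(FileEvent(1312, "rename", r"C:\Users\Admin\Documents\draft.docx",
                        r"C:\Users\Admin\Documents\final.docx"))
EVENTS.append(FileEvent(1312, "create", r"C:\Users\Admin\Documents\~$final.docx"))


def appends_extension(old: str, new: str) -> bool:
    """True when new is exactly old plus one '.<ext>' suffix (name kept, same directory)."""
    if not new.startswith(old) or len(new) <= len(old) + 1:
        return False
    suffix = new[len(old):]
    return suffix[0] == "." and "\\" not in suffix and "/" not in suffix


def summarize(events, threshold: int = 10) -> dict:
    """Per-PID counts behind the 'renames multiple files with added extension' signature."""
    state = defaultdict(lambda: {"tmp": set(), "appended": 0, "staged": 0, "dirs": set()})
    for ev in events:
        s = state[ev.pid]
        if ev.op == "create" and ev.path.lower().endswith(".tmp"):
            s["tmp"].add(ev.path[:-4])                   # original path this .tmp shadows
        elif ev.op == "rename" and appends_extension(ev.path, ev.new_path):
            s["appended"] += 1
            parts = ev.path.split("\\")
            s["dirs"].add(parts[1] if len(parts) > 1 else parts[0])
            if ev.path in s["tmp"]:                      # create <f>.tmp, then rename <f>
                s["staged"] += 1
    return {
        pid: {
            "appended_renames": s["appended"],
            "staged_via_tmp": s["staged"],
            "top_level_dirs": sorted(s["dirs"]),
            "flag": s["appended"] >= threshold,
        }
        for pid, s in state.items()
    }


if __name__ == "__main__":
    for pid, row in summarize(EVENTS).items():
        print(pid, row)
```

In a real pipeline the create events come from Sysmon Event ID 11 (FileCreate) or EDR file telemetry; Sysmon has no rename event, which is why the .tmp creation beside each original is worth keeping as a second signal rather than relying on renames alone. The spread across top-level directories (Program Files, $Recycle.Bin, MSOCache in this run) separates a wide encryption sweep from an installer rewriting its own tree.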

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe (Target: N/A)

This key is also read during ordinary locale initialisation, so the open on its own is a weak indicator. The sandbox maps it to T1614.001 because ransomware that exempts particular locales reads the system language before encrypting; the report records the read but not what the sample did with the value.

Processes

C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe

"C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe"

Network

N/A

Files

memory/2308-0-0x0000000000400000-0x000000000040B000-memory.dmp

The dump name encodes PID 2308 and the image range 0x400000-0x40B000 (0xB000 bytes, 44 KiB); the same region is dumped again below as memory/2308-70-... The hashed .tmp files below show the writes reach beyond Program Files ($Recycle.Bin, MSOCache).

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 1d8d4d1fff7e9f4cdb6ea81940d56c91
SHA1 ee0b164ed710e35f233ed943e48504a74e8ebdfc
SHA256 71316d8068cb59c8a1c207a292aec98bb7292a70b4b25f4b6d93182014d626ad
SHA512 32eed8f5dd359e6d8a9cb3e06f907c482f8d145ba1cad2a2009b7785af96d36836e5a5f09919024dcb8bf4f6f8278007b0176d175554fb0eadf09054da7f7ccf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e42d6d186a7efe425383efb2140771c6
SHA1 871cf951e37db5d0173a888feae78abea099b9fc
SHA256 38f7e0879d7a642b4ed753ff3781d203d8a87ed23d20ed3dd7c77224739ec14d
SHA512 cd9b4b526ae7f22c0415f005e5fea440fb52e5aa188834fb3acfaf2887930d555feed400030e38294f110dae0cf7f238e4a624e081f7cf71de13581d09a14605

memory/2308-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:40

Reported

2024-10-05 19:43

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe"

Signatures

Renames multiple (4307) files with added filename extension (ransomware)

UPX packed file (upx): no indicator details recorded.

Drops file in Program Files directory

Description: File created (every row). Process: C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe. Target: N/A. Each created path is an existing file's path with .tmp appended:

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp
C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp
C:\Program Files\Java\jre-1.8\lib\net.properties.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp
C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sr.pak.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe (Target: N/A)

Processes

C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe

"C:\Users\Admin\AppData\Local\Temp\9c869a677bf00dad3f33a9cb63409c71a02eceb5c928886b9e9bd50e11a27e5eN.exe"

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   97.17.167.52.in-addr.arpa     udp
US       8.8.8.8:53   100.209.201.84.in-addr.arpa   udp
US       8.8.8.8:53   4.159.190.20.in-addr.arpa     udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53   28.118.140.52.in-addr.arpa    udp
US       8.8.8.8:53   13.86.106.20.in-addr.arpa     udp
US       8.8.8.8:53   56.163.245.4.in-addr.arpa     udp
US       8.8.8.8:53   15.164.165.52.in-addr.arpa    udp
US       8.8.8.8:53   0.205.248.87.in-addr.arpa     udp
US       8.8.8.8:53   83.210.23.2.in-addr.arpa      udp

All ten rows are reverse (PTR) lookups of public IPv4 addresses sent to Google Public DNS; there is no forward lookup of any domain, and the table has no Process column, so none of this traffic is attributed to the sample. The Windows 7 run recorded no network activity at all. Treat these rows as background traffic of the Windows 10 image unless process-level telemetry ties them to the sample.
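Before treating any row above as an indicator, turn the PTR names back into addresses and confirm that none of the queries is a forward lookup. The Python below is an added example, not sandbox code; its only input is the ten rows copied from the table above, and the address list it produces is what to search for in process-attributed network telemetry.

```python
import re

# Added example, not part of the sandbox report. Rows are copied from the Network
# table of behavioral2; the code separates reverse (PTR) lookups from forward
# lookups and recovers the IPv4 address each PTR name refers to.

NETWORK_ROWS = """\
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
"""

_PTR_V4 = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)


def ptr_name_to_ip(name: str):
    """'97.17.167.52.in-addr.arpa' -> '52.167.17.97'; None for anything that is not a PTR name."""
    m = _PTR_V4.match(name)
    if not m:
        return None
    octets = [int(o) for o in reversed(m.groups())]   # PTR labels are in reverse octet order
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets)


def triage_dns(rows: str) -> dict:
    """Split sandbox DNS rows into reverse lookups (as IPs) and forward lookups (as names)."""
    out = {"resolvers": set(), "reverse": [], "forward": []}
    for line in rows.strip().splitlines():
        country, dest, qname, proto = line.split()
        out["resolvers"].add(dest)
        ip = ptr_name_to_ip(qname)
        if ip is None:
            out["forward"].append(qname)
        else:
            out["reverse"].append(ip)
    return out


if __name__ == "__main__":
    result = triage_dns(NETWORK_ROWS)
    print("resolvers:", sorted(result["resolvers"]))
    print("reverse lookups:", result["reverse"])
    print("forward lookups:", result["forward"])
```

Any forward lookup in this table would have been the first thing to pivot on; there is none, and the ten reconstructed addresses were only ever reverse-resolved, which is the pattern of an operating system naming peers it is already talking to rather than of a sample resolving a command server.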

Files

memory/2040-0-0x0000000000400000-0x000000000040B000-memory.dmp

PID 2040 in this run; the image occupies the same 0x400000-0x40B000 range (0xB000 bytes, 44 KiB) as on Windows 7, and is dumped again below as memory/2040-766-...

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

MD5 91c7857e027e0fa86d617e07d350f913
SHA1 bc74ab65f63d56646b24a69b73ac649eed9151bb
SHA256 904c44ffa69b337ca2a5a8d3b8411d0049d78b45df7be5d8418b7247e36f57f4
SHA512 49b7f696afb8c7e85d2d943d4942acedba0933ffc6cd71aaa48a3ed1832b7a11a4b9b1649a0db20ca20eb2259198cc8b9acf01edb18bbf690d25f5695f63ad95

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9e288dc09bd076a8df8dd42d5ab5f985
SHA1 b68151342227ab597bb3c016d6d33ed5fe4bc6e8
SHA256 5c9a4dde03ee3007fe2d8ad97ab74eeb614a93f1ae42f41538db7f773fb91d40
SHA512 42dcb93bb89fa8c198f0497fff3995f20fc7cb4a1d72425b4930537a82982e181829f62a49c32ef581f41aa463cfe60ac8689ad6d57a4b43655bfdc5f697482b

memory/2040-766-0x0000000000400000-0x000000000040B000-memory.dmp