Malware Analysis Report

2025-08-11 01:47

Sample ID: 241005-yltp3a1bln
Target: 9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe
SHA256: 9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117
Tags: discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: 9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117

Threat Level: Likely malicious

The file 9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5204) files with added filename extension

Renames multiple (1347) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-05 19:52

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-05 19:52
Reported: 2024-10-05 19:55
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe"

Signatures

Renames multiple (1347) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sl.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadce.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\7-Zip\Uninstall.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msader15.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fy.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe

"C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 b6e49f66829569f2718dfffd1f8f2c36
SHA1 dc53c5165349c4a24bc4cd32c44c98ce6a7f3559
SHA256 775f5bfb86d8b09d710dea5b8bcd1cdbdd47181975ac3a57e6eddf69f22d8e7b
SHA512 d2d83b9a036171b238e54dcd5025836543a8d11f4af661b136a47af9ca8e5fb55dadbec1f278d535c2bfef6bda742ec7bb0827f6ad4f9e2b53beb3e1d4ce1900

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8607efe069b5da76becee36e39476eb7
SHA1 ded29ebd3cc8b9d0e5f703180473c23a82894175
SHA256 c05e268579ad07a87b616d5d18f890d24367b7a0ef4c9e1d43b083139064b3c0
SHA512 5d8b94662eca28f9bc3b6aa8f79ec94b52bb6ebf3c2a9aa54cb9bb1c5fa1c560629dccd284b6f45922ebb0490a6accd0ceb88704204e2fa8df4af2f79d1b54a8

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-05 19:52
Reported: 2024-10-05 19:55
Platform: win10v2004-20240802-en
Max time kernel: 150s
Max time network: 103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe"

Signatures

Renames multiple (5204) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\initial_preferences.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\XML2WORD.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.WINWORD.16.1033.hxn.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ky.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe

"C:\Users\Admin\AppData\Local\Temp\9d0b36876980d8cb48151ba1a45c341a0c6696d69df1ba0dfd6398560554b117.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

MD5 06c49e52ccb6485ce0748961bcf52fb4
SHA1 a533aaec62753d197da958b512c1146493ae7b23
SHA256 0376dace64b2bac6fcafe448f4950246dbd88e4f8ccb4e5b20a465cf288de08f
SHA512 779f5db1bcc06f9fa0651ca56874e6d3678603501719cfa4d5abce53cd3ddeee5c6783a36fd8568d8ff5d4d0365c56a3f0e8127fe42ce376cb7b06b5ea9932b4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ac71947bd8a48d6ef552e36741b570e4
SHA1 76def6616a6e6f702ab77517a479cac946ee7ddb
SHA256 0c7d82ac6d4fd85b08a505078338fbb6c6a36f7d9fd7d69c0dbf6efd84bb6f3c
SHA512 c80e117e7744ec4386e277d0e74f80bdf1da7e4005f80ee7dd052dc3d284f49519763d81dd6830a7b7019980880d5926d0e45d06d56f3f9c3b0fbfdd9ca12d29