Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-de4apstdjk
Target e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N
SHA256 e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2

Threat Level: Likely malicious

The file e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3151) files with added filename extension

Renames multiple (4372) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 02:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 02:56

Reported

2024-10-16 02:58

Platform

win7-20241010-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe"

Signatures

Renames multiple (3151) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\DVD Maker\directshowtap.ax.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\SendClose.txt.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe

"C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe"

Network

N/A

Files

memory/1692-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 b13ad3eb3737e36734831417a4d3b8b3
SHA1 9e9d7c3ee835ceca46c465fe623bd6464e0071d7
SHA256 ad9741891445e1fdc11ec8166d28e515e2c944d391665d1641877578f7497044
SHA512 8e52d87a5585639f0578b315eee8d7e1fdb7d0b2120baf8c255e840cd5e1d97afa1c259b1a95c4878916d989bd7221e44219d5a15b01c9ad358294652c480b46

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2034ac91eab7dae5c9120dd321c11c4f
SHA1 161e53b3a2f4a273aff77952bd6888054d534773
SHA256 4b653ad04e5d50691b4eba8d8fa66b03b375c67c93ebb525875f16f780b2e6ad
SHA512 eb214e6cf2c16b145286ca50e683de217bc680ed07331822da19ad502f20f86c57639e227426c4be4e1e735a9257bbea519954fad3e1e6cc25e1eeb2216e4078

memory/1692-70-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 02:56

Reported

2024-10-16 02:58

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe"

Signatures

Renames multiple (4372) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\LockAdd.mpv2.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe

"C:\Users\Admin\AppData\Local\Temp\e9eeeaccccc6ede5651cc09c4a66f603ab502adb142fd1ede65731d86dd03aa2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/1952-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 09e6324d4d997280149c7af3f67fc861
SHA1 3b6e8718674c8fd881075067353e0c1410b8606d
SHA256 451fa0e1772402b84eeec5645c213e22c5be17bc223cdcb4a82ea177242c6bf3
SHA512 8185a0a543f0552b46fa1d8106078cc6097d5ea91a5d1ee68d0087b61060ba36c09aab54f141f95d2d4f2bbd78d355368b85fc7c718f6a0f7857369989adc264

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 777027b185ae0a733c4a51372c648b81
SHA1 40c90a71ce7bd9683eae59bf5a392aa7b4d29fc1
SHA256 da122a01113046c4739fa3d3668535449e601fb3f451cca694e61540570e336a
SHA512 311536f5857441adf3d5ff0f2f5aa58be336f282a81a8e2c56ac97314dd494ffb8d089f08c9d3e8e8b85521c076509c12176995a9a40d1737e4e937eaf751a40

memory/1952-664-0x0000000000400000-0x0000000000408000-memory.dmp