Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-g967maxcjh
Target 9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N
SHA256 9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224

Threat Level: Likely malicious

The file 9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3243) files with added filename extension

Renames multiple (4453) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:31

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:31

Reported

2024-10-16 06:33

Platform

win7-20240903-en

Max time kernel

120s

Max time network

20s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe"

Signatures

Renames multiple (3243) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe

"C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe"

Network

N/A

Files

memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 4dd281f7ac44fe7221880b1f2fd45f78
SHA1 b6edf00f1fd3afd306d733bfb124551f7ac7e1b7
SHA256 e59a4ff2a4bcd990470d4cc5c29b4b81f601f1ec8f47b4a5c382e1cd0705b96e
SHA512 000938a0379dda05a7b61c09c4e6e3bd47e895d5a646fad7636cbc8a28be787be102a885c9d5b92d3ba8896479ec13d0f4c68f438d17c8cd782f02f9d70b2bf8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b381cba9806fbafb215bc213d68a0386
SHA1 026c6cead4ba0eb7fb0695ebca2c96a348af8108
SHA256 18dc805d1b47a621af0df1487abdaa7b58e38b67e6420d2cca0b2464be32f22c
SHA512 61eccf7e8b2fb65340ed984b34c7a674db9a1a8f5b716ed84a653738f2e4d04981e27ec046fa54b3f58c6b727798bdbda48b446b06fb7d514e53a66bc8bea550

memory/3012-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:31

Reported

2024-10-16 06:33

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe"

Signatures

Renames multiple (4453) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe

"C:\Users\Admin\AppData\Local\Temp\9ac89347462d421a0f93e73333b4ba7ec7d1a844f00ad1a276718d14dbacc224N.exe"

Network


Files

memory/1904-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 57710b9edd2c2333e320cd776141cc20
SHA1 c618788ae2286b5ce047dc1668ed226c295432b0
SHA256 0858f680a2fa77f44e6e12237e5dcc8d30231a5c67710cccdf5aac3ddb4358da
SHA512 d8c4643d619f3346ff5e19c21cbaaee3d79137888b9e2ca97e55f57ac056ac7f9b14f7c1ff9f743ca2f1ad084c99cdac7e96d1ffa24556db610f757c9016712f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f37da48bff7b4e653dc9ca1cfe718c06
SHA1 cf7ac7f19da08d516e45ceb03b0bbfe3291391e2
SHA256 e3da51546199d721d3a630c58cdf220bf086f39aa6b3e5ae4d0a8a07030d7569
SHA512 58f4384a2847c284615c3ab6993e3c4027b21f18d1c8a19a737f6809a922245573499c665b93a69b7940af68f24c3b1dbb28e61575929de1d67c35fe4db1fa27

memory/1904-662-0x0000000000400000-0x000000000040B000-memory.dmp