Malware Analysis Report

2025-01-22 19:57

Sample ID 241016-w339qavcnf
Target 9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N
SHA256 9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53

Threat Level: Likely malicious

The file 9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4437) files with added filename extension

Renames multiple (3218) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15: the matrix itself is not reproduced in this report. The one technique the report names is System Location Discovery: System Language Discovery (T1614.001), seen in both behavioral runs as the sample opening the ControlSet001\Control\NLS\Language registry key.

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:27

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

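The static1 verdicts above (UPX packed file, Unsigned PE) are the two cheapest checks to reproduce locally. The following added example, which is not part of the report and not the sandbox's own signature code, walks the PE headers with the standard library only: it reads the section table, flags the UPX0/UPX1 section names and the raw-size-0 UPX0 unpack target that stock UPX leaves behind, measures per-section entropy, and reads the Authenticode data directory to decide "unsigned". Function names, the 7.0 entropy threshold and the synthetic image built by build_test_pe() are all assumptions of the example; the sample's own bytes are not reproduced here.

```python
import hashlib
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the Authenticode blob


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0, code near 5-6."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> section table (40-byte entries)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def security_directory(data: bytes) -> tuple:
    """(file offset, size) of the WIN_CERTIFICATE blob; (0, 0) means no embedded signature."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", data, nrva_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    return struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def analyze_pe(data: bytes) -> dict:
    secs = pe_sections(data)
    findings = []
    if any(s["name"].upper().startswith("UPX") for s in secs):
        findings.append("upx_section_names")
    # Stock UPX keeps UPX0 as a raw-size-0 section that only exists in memory: the unpack target.
    if any(s["raw_size"] == 0 and s["vsize"] >= 0x1000 for s in secs):
        findings.append("virtual_only_section")
    if any(s["entropy"] > 7.0 for s in secs):
        findings.append("high_entropy_section")
    if security_directory(data)[0] == 0:
        findings.append("unsigned_pe")
    return {"sections": secs, "findings": findings}


def build_test_pe(sections: list) -> bytes:
    """Constructed minimal PE32 image (not the sample's bytes) for exercising the checks."""
    opt_size, nsec = 224, len(sections)
    headers = (0x40 + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF   # 512-byte aligned
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                          # 16 directories, all zero
    table, raw, raw_ptr, vaddr = bytearray(), bytearray(), headers, 0x1000
    for name, vsize, body in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(body), raw_ptr if body else 0, 0, 0, 0, 0, 0x60000020)
        raw += body
        raw_ptr += len(body)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    image = dos + b"PE\0\0" + coff + opt + table
    return bytes(image + b"\0" * (headers - len(image)) + raw)


def pseudo_random_bytes(n: int, seed: bytes = b"upx-demo") -> bytes:
    """Deterministic high-entropy filler standing in for a compressed UPX1 body."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


if __name__ == "__main__":
    packed = build_test_pe([("UPX0", 0x6000, b""), ("UPX1", 0x1000, pseudo_random_bytes(4096))])
    print(analyze_pe(packed)["findings"])
```

The section-name test only catches packers that keep the default names; a repacked or renamed build passes it, which is why the entropy and virtual-only-section checks run regardless. "unsigned_pe" means no embedded Authenticode blob, not that a present signature was validated, and says nothing about catalog-signed files. For a real sample, run these checks on the file on disk and again on the memory dump the sandbox captured, since the unpacked image is what the behavioral signatures actually executed.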
Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:27

Reported

2024-10-16 18:29

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"

Signatures

Renames multiple (3218) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jre7\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jre7\bin\installer.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe

"C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"

Network

N/A

Files

memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 2a75dd47193f2982b29c0c89e2875a2e
SHA1 121be6d8228bcccee5d1d6030c685fc8380e2342
SHA256 166dde4b399ef91deb0744d7584c75ddb2b20cce4833e2497b2f8e69a76899b6
SHA512 93d803624a304119a0d3045d87b31fefff9bbadb6fa2dd5c40a19aa6562b31911d98672683009bfe03050b98e697424fd8c7589222084fc7f83c0897b2baefb7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4fa404d3c2b2fd960278dc1df127f561
SHA1 a9e7c0c29d45fe3d1558c62284f3433418e493f1
SHA256 a5b24a937caa1a0625961a7ea20ad2d365ce7f4aac006d31011dd6b14ee5a9a5
SHA512 61af79cbc5693a19acfe2ef6a43887c4317c5857c6da33c3133d439db6ff1395e1f754a1f349a60205bb7581e2d5593307a165c64591a08f5ddd91bc04d57d64

memory/2856-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:27

Reported

2024-10-16 18:29

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

116s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"

Signatures

Renames multiple (4437) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\id.pak.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\7-Zip\Lang\sv.txt.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_sw.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
File created C:\Program Files\7-Zip\Lang\bg.txt.tmp C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe N/A
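The three behavioral signatures that recur in behavioral1 and behavioral2 (mass renames with an added extension, files dropped under Program Files, the NLS\Language key read) are the kind of thing a detection engineer wants as code rather than as a count. The following added example, which is not part of the report and not the sandbox's own signature logic, aggregates a stream of file and registry events per process and assigns the same three tags. The event stream is constructed in the shape of the report's Description/Indicator/Process rows; the 50-renames-in-60-seconds threshold, the ".example" suffix (the report does not say which extension the sample appends) and every function name are assumptions of the example.

```python
from collections import Counter, defaultdict
from typing import Optional

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"
PROGRAM_FILES = (r"C:\Program Files", r"C:\Program Files (x86)")
TRUSTED_IMAGE_ROOTS = PROGRAM_FILES + (r"C:\Windows",)   # installers/updaters legitimately write here
NLS_LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"


def under(path: str, roots) -> bool:
    p = path.lower()
    return any(p.startswith(r.lower() + "\\") for r in roots)


def added_extension(old: str, new: str) -> Optional[str]:
    """'a.txt' -> 'a.txt.xyz' returns 'xyz'; a move, replacement or stripped suffix returns None."""
    if not new.lower().startswith(old.lower() + "."):
        return None
    suffix = new[len(old) + 1:]
    return suffix.lower() if suffix and "\\" not in suffix and "." not in suffix else None


def score_processes(events, rename_threshold=50, window_s=60.0) -> dict:
    """Per-process tags mirroring the report's Signatures: ransomware, drops_program_files, discovery."""
    state = defaultdict(lambda: {"renames": [], "drops": 0, "language": False})
    for e in events:
        st = state[e["proc"]]
        if e["op"] == "File renamed":
            ext = added_extension(e["path"], e["new_path"])
            if ext:
                st["renames"].append((e["t"], ext))
        elif e["op"] == "File created":
            if under(e["path"], PROGRAM_FILES) and not under(e["proc"], TRUSTED_IMAGE_ROOTS):
                st["drops"] += 1
        elif e["op"] == "Key opened" and e["path"].lower() == NLS_LANGUAGE_KEY.lower():
            st["language"] = True

    verdicts = {}
    for proc, st in state.items():
        # Densest window: the most added-extension renames that fall inside any window_s span.
        times = sorted(t for t, _ in st["renames"])
        best = j = 0
        for i, t in enumerate(times):
            while times[j] < t - window_s:
                j += 1
            best = max(best, i - j + 1)
        exts = Counter(ext for _, ext in st["renames"])
        tags = set()
        if best >= rename_threshold:
            tags.add("ransomware")
        if st["drops"]:
            tags.add("drops_program_files")
        if st["language"]:
            tags.add("discovery")
        verdicts[proc] = {"renames_in_window": best, "drops": st["drops"], "tags": tags,
                          "extension": exts.most_common(1)[0][0] if exts else None}
    return verdicts


def constructed_events() -> list:
    """Constructed event stream (not taken from the report): the sample reads the language
    key, then writes a .tmp beside each of 120 Program Files entries and renames the original
    with a placeholder ".example" suffix, all within about three seconds."""
    ev = [{"t": 0.2, "op": "Key opened", "path": NLS_LANGUAGE_KEY, "proc": SAMPLE}]
    for i in range(120):
        old = rf"C:\Program Files\7-Zip\Lang\lang{i:03d}.txt"
        ev.append({"t": 0.5 + i * 0.025, "op": "File created", "path": old + ".tmp", "proc": SAMPLE})
        ev.append({"t": 0.51 + i * 0.025, "op": "File renamed", "path": old,
                   "new_path": old + ".example", "proc": SAMPLE})
    # Benign noise: a user tool making two ".bak" copies minutes apart must not trip the rule.
    for i, t in ((1, 5.0), (2, 300.0)):
        old = rf"C:\Users\Admin\Documents\notes{i}.txt"
        ev.append({"t": t, "op": "File renamed", "path": old, "new_path": old + ".bak",
                   "proc": r"C:\Windows\explorer.exe"})
    return ev


if __name__ == "__main__":
    for proc, v in score_processes(constructed_events()).items():
        print(proc.rsplit("\\", 1)[-1], v)
```

The rate window matters more than the total: the report's counts (3218 on Windows 7, 4437 on Windows 10) are whole-run totals, while an EDR rule has to fire while the encryption is still in progress, so the threshold is deliberately far below them. Counting only renames whose new name is the old name plus exactly one suffix keeps backup tools and archive extractors below the bar; the extension tally is there so the responder can pivot on the suffix once it fires.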

Processes

C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe

"C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"

Network

None of the rows below is attributed to a process (the table has no process column), the Windows 7 run produced no network activity at all, and the Bing hosts and in-addr.arpa reverse lookups are the kind of background traffic a Windows 10 image generates on its own. Treat them as sandbox noise rather than as command-and-control unless a capture ties them to the sample's process.

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

memory/3984-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 4085b68ec22d6fca02df53bf0f5139b5
SHA1 c72c218a2120c0676860fa0abfecd20a33fcff8c
SHA256 13448a354361d6f3caab567b2c44d530c5a5413cfa9c706b9f63b0952e783c7e
SHA512 83c2cfe72d5c26fc2b8a9eb7b5c199d60c126b8483759a1078f11328de53b59e4fb2d93502cf82061780ad4d6910942586e8f6a4ff881f8f2b48b1af10f5bbba

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 23fbdf5507774241fb122900fce9098a
SHA1 efbb736fa8fe48779c87eda0b180b1f2b6313e8c
SHA256 77b34e5def238d6f8bdb5726a78cdc8f28175cf9cbd34a846f0ef9fbebc0087b
SHA512 857e007ed98558739347919d7e0b6615df0f24bcbc4fdde57eac9d54b0ce609f1fa528a74c7af7523071a898256b91f2d37107a2e44b1bdf2d522ae53646b809

memory/3984-660-0x0000000000400000-0x000000000040A000-memory.dmp