Malware Analysis Report

2025-01-22 20:09

Sample ID 241016-yey17ssejk
Target 9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN
SHA256 9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1a
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1a

Threat Level: Likely malicious

The file 9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (3158) files with added filename extension (behavioral1, Windows 7 detonation)

Renames multiple (4616) files with added filename extension (behavioral2, Windows 10 detonation)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Techniques the signatures below correspond to: T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file) and T1614.001 System Location Discovery: System Language Discovery (read of the NLS\Language key). The mass creation of .tmp copies and renaming of files under Program Files is the behaviour behind the ransomware tag; the usual mapping for that is T1486 Data Encrypted for Impact, but this report only shows the file writes and renames, not the encryption itself.

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:42

Signatures

UPX packed file

upx
No indicator details recorded for this signature.

Unsigned PE

No indicator details recorded for this signature.
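How the two static signatures above can be reproduced on the raw file, as an added example that is not the sandbox's own detection logic: the script walks the PE headers with struct only, flags the UPX section names and the "UPX!" marker, and reports an empty Authenticode certificate table (data directory entry 4) as "unsigned". Because the real sample is not on the page, it builds a constructed minimal PE32 in memory; the section names, offsets and the fake certificate-table entry in build_sample are assumptions for the demo.

```python
"""Static triage for the two static1 signatures on this sample: "UPX packed file"
and "Unsigned PE".  Added example, not the sandbox's own logic; it parses the PE
headers with struct only and builds a constructed minimal PE so it runs offline."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Return section names and the (offset, size) of the security directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    # The data directory array starts at +96 in PE32 and +112 in PE32+
    dd_base = opt + (96 if magic == 0x10B else 112)
    sec_off, sec_size = struct.unpack_from(
        "<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_tbl = opt + opt_size             # section table follows the optional header
    names = [struct.unpack_from("<8s", data, sec_tbl + 40 * i)[0].rstrip(b"\0")
             for i in range(num_sections)]
    return {"sections": names, "security_dir": (sec_off, sec_size)}


def triage(data: bytes) -> dict:
    """Flag UPX section names or the 'UPX!' marker, and an empty certificate table."""
    pe = parse_pe(data)
    upx_by_name = any(n in UPX_SECTION_NAMES for n in pe["sections"])
    upx_by_marker = b"UPX!" in data[:0x1000]   # UPX writes its marker near the headers
    return {
        "sections": pe["sections"],
        "upx_packed": upx_by_name or upx_by_marker,
        "unsigned": pe["security_dir"][1] == 0,
    }


def build_sample(section_names, signed: bool, upx_marker: bool) -> bytes:
    """Constructed minimal PE32 (headers only) standing in for a real sample."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2))
    if signed:
        # Non-empty certificate table; the bytes it points at are not validated here
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    body = b"UPX!" if upx_marker else b""
    return dos + b"PE\0\0" + coff + bytes(opt) + sections + body + b"\0" * 64


if __name__ == "__main__":
    packed = build_sample([b"UPX0", b"UPX1", b".rsrc"], signed=False, upx_marker=True)
    print(triage(packed))
```

Both checks are cheap and both are trivially evaded: section names can be renamed and the marker patched out, so an entropy check or an actual `upx -d` round trip is the stronger test. An empty certificate table only means no embedded Authenticode signature; catalog-signed Windows binaries also show as "unsigned" by this measure, which is the same limitation the sandbox's signature has.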

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:42

Reported

2024-10-16 19:44

Platform

win7-20241010-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Signatures

Renames multiple (3158) files with added filename extension

ransomware

UPX packed file

upx
No indicator details recorded for this signature.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Mozilla Firefox\removed-files.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Internet Explorer\Timeline.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
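The pattern in the table above is what distinguishes a file-encrypter from an installer: one process creating <original name>.tmp siblings across many application folders and every file type it finds, which is also the behaviour behind the "Renames multiple files with added filename extension" signature. The following added example (not the sandbox's own logic) parses rows in the table's own format and applies that heuristic. Ten target paths are copied from the table above; the installer process setup.exe, its three target paths under a hypothetical SomeApp folder, and the thresholds in flag_mass_rewrite are constructed assumptions for contrast.

```python
"""Heuristic over 'Drops file in Program Files directory' rows: a process that
creates <name>.tmp siblings across many application folders and many original
file types is rewriting other programs' files (the ransomware pattern), whereas
an installer writes .tmp files into one folder for a few types.
Added example, not the sandbox's logic."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SAMPLE_PROC = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe")
INSTALLER_PROC = r"C:\Users\Admin\Downloads\setup.exe"   # constructed, for contrast

REPORT_TARGETS = [  # copied from this report's behavioral1 table
    r"C:\Program Files\7-Zip\Lang\vi.txt.tmp",
    r"C:\Program Files\Mozilla Firefox\removed-files.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp",
    r"C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp",
    r"C:\Program Files\Java\jre7\bin\nio.dll.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp",
    r"C:\Program Files\Internet Explorer\Timeline.dll.tmp",
    r"C:\Program Files\DVD Maker\rtstreamsource.ax.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp",
]
INSTALLER_TARGETS = [  # constructed: an installer staging its own files
    r"C:\Program Files\SomeApp\app.dll.tmp",
    r"C:\Program Files\SomeApp\app.exe.tmp",
    r"C:\Program Files\SomeApp\readme.txt.tmp",
]
# Rows in the sandbox table's own layout: "File created <target> <process> N/A"
LOG = "\n".join([f"File created {t} {SAMPLE_PROC} N/A" for t in REPORT_TARGETS]
                + [f"File created {t} {INSTALLER_PROC} N/A" for t in INSTALLER_TARGETS])

ROW = re.compile(r"^File created (?P<target>.+?\.tmp) (?P<proc>[A-Za-z]:\\.+?\.exe) N/A$")


def parse_rows(text: str):
    """Yield (process, created path) for each row in the sandbox's table format."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m["proc"], m["target"]


def summarize(events, added_ext=".tmp"):
    """Per process: number of '<name>.tmp' files, distinct app folders, distinct original extensions."""
    per_proc = defaultdict(lambda: {"count": 0, "dirs": set(), "exts": set()})
    for proc, target in events:
        p = PureWindowsPath(target)
        if p.suffix.lower() != added_ext:
            continue
        s = per_proc[proc]
        s["count"] += 1
        parts = p.parts                      # ('C:\\', 'Program Files', '<app folder>', ...)
        s["dirs"].add(parts[2].lower() if len(parts) > 3 else str(p.parent).lower())
        # Extension that sat before the appended one; files like Chita.tmp had none
        s["exts"].add(PureWindowsPath(p.stem).suffix.lower() or "(none)")
    return dict(per_proc)


def flag_mass_rewrite(per_proc, min_files=8, min_dirs=3, min_exts=3):
    """Thresholds are demo values; in production tune them per host and add a time window."""
    return {proc: s for proc, s in per_proc.items()
            if s["count"] >= min_files
            and len(s["dirs"]) >= min_dirs
            and len(s["exts"]) >= min_exts}


if __name__ == "__main__":
    for proc, s in flag_mass_rewrite(summarize(parse_rows(LOG))).items():
        print(f"{proc}: {s['count']} .tmp files, {len(s['dirs'])} app folders, {sorted(s['exts'])}")
```

On the real table the sample clears every threshold by a wide margin (the report counts thousands of renames), while the constructed installer stays inside one folder and is not flagged. The same three measures (count, folder spread, extension spread) work on live file-create telemetry; add a time window there, since an encrypter produces them in seconds.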

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A

The Default value under this key is the system default language ID (a hex LANGID such as 0409 for en-US). Ransomware families commonly read the system or user locale to skip machines in excluded regions, but ordinary locale APIs read the same key, so on its own this is weak evidence; the report does not show what the sample does with the value.

Processes

C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Network

No network activity was observed in this detonation.

Files

memory/2880-0-0x0000000000400000-0x000000000040A000-memory.dmp

The dumped region (0x400000 to 0x40A000, 40 KiB) is the whole mapped image, consistent with a small UPX-packed executable; the two dumps of PID 2880 are taken at the start and end of the run, so the later one is the in-memory unpacked image.

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 332011e1b71e46f6311f8f86789110c6
SHA1 2a73e25c5bf48fe5bf6e3d2d7f4366bcd45058c5
SHA256 f0a9ac49ae0a013d9f356ac3661483c9e20bee9f24bebe329785b585168ca55e
SHA512 f57a97e1387dfaab847d8643e60c7f2daa1a5382acd5c68dff0b20813dfa9f5f54c11905d50dfb79a89d8332f918462efc2164ca3158697b47bf7b3c9a01e1f8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e8783901faa068165b9bdb18bb8d3843
SHA1 d8f120bf30ddfbf959d2ba535c27363857574c5d
SHA256 db2d6a6f0f9a60161062d79daaedf084074452609272f448306394a9fdfe1fe7
SHA512 3b77a529cc4b5ecd92d6d0a7bd62b4c6ee3c01f7b8cb0a7c77efc2cbe4b624202ea1174bfedb7454bf861e90486573f78b1554ced3520860221804bc2f01c389

memory/2880-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:42

Reported

2024-10-16 19:44

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Signatures

Renames multiple (4616) files with added filename extension

ransomware

UPX packed file

upx
No indicator details recorded for this signature.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\7-Zip\Lang\eu.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

All of this traffic (Bing image fetches and reverse DNS lookups through 8.8.8.8) is consistent with Windows 10 background activity rather than with the sample: the Windows 7 run shows no network activity at all, and no command-and-control traffic was captured in either run.

Files

memory/2468-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 1d9d0871a9e158790946018b8d76779d
SHA1 042e29ad6d9ce526b064f5ea1af0031aeb321a4f
SHA256 da7fd26b1eb7844b886968b990f704d83186fb2027737ce40ea954aa4d9193b3
SHA512 5333889d72d6dc1f9470b01365aaaece51a0dbc1f6c12342c30e2ef03d0f4e77abf7d9ef395e85c25c286664b4738150611fa2f78c04a48311d7632a04ded0f6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dddcff92157896d78b551cb96fbd805a
SHA1 7f1c39c1446ab761382fe37a5773e9a7b2d343bc
SHA256 5d37c68e7429be03a0796630b0ff7f5040a29303cc530ad47ea06906f876f664
SHA512 69578300807246c1f888bb7b6cdaf3678889c489dd7f5ec719602c8a0f39ffcf89fd8c34cbcc1e25f19316acb14656df8c1c0e8b70c7abdbcf970f5a8e31024b

memory/2468-717-0x0000000000400000-0x000000000040A000-memory.dmp