Malware Analysis Report

2025-01-22 20:14

Sample ID 241016-ygc7hsyena
Target 9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN
SHA256 9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1a
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1a

Threat Level: Likely malicious

The file 9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3720) files with added filename extension

Renames multiple (4992) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:45

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
(2 rows, all N/A: the sandbox recorded no indicator details for this signature)
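Both static1 signatures above (UPX packed file, Unsigned PE) can be reproduced from the PE headers alone. The following Python is an added example written for this page, not sandbox code and not taken from the analysed sample: pe_static_checks reads the section table and looks for the standard UPX section names, and reads the Certificate Table data directory (index 4, a file offset plus size) to see whether any Authenticode signature is embedded. The function names are my own, and build_test_pe constructs a header-only PE for offline testing; it is not the report's sample.

```python
"""Static triage checks for the two static1 signatures in the report:
'UPX packed file' (UPX section names in the PE section table) and
'Unsigned PE' (empty Certificate Table data directory, i.e. no embedded
Authenticode signature). Hand-rolled PE parsing, no third-party modules."""
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def pe_static_checks(data: bytes) -> dict:
    """Parse the PE headers of `data` and return the two verdicts together
    with the evidence they rest on (section names, Certificate Table entry)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:          # PE32: data directories start at optional header + 96
        dirs_off = opt_off + 96
    elif magic == 0x20B:        # PE32+: data directories start at optional header + 112
        dirs_off = opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]   # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry holds a file offset (not an RVA) and a size.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt_off + opt_size
    names = []
    for i in range(nsections):
        raw = struct.unpack_from("<8s", data, sec_table + 40 * i)[0]
        names.append(raw.rstrip(b"\0"))
    upx = [n.decode("latin-1") for n in names if n in UPX_SECTION_NAMES]
    return {
        "pe32plus": magic == 0x20B,
        "sections": [n.decode("latin-1", "replace") for n in names],
        "upx_section_names": upx,
        "upx_packed": bool(upx),
        "has_authenticode": cert_size > 0 and cert_off > 0,
    }


def build_test_pe(section_names, signed=False, pe32plus=False) -> bytes:
    """Constructed input for the example: a header-only PE image with the
    given section names. It is not the report's sample."""
    pe_off, opt_size = 0x80, (240 if pe32plus else 224)
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    dirs_off = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dirs_off - 4, 16)            # NumberOfRvaAndSizes
    if signed:   # pretend a WIN_CERTIFICATE blob lives at file offset 0x1000
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, 0x800)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(target, "rb").read() if target else build_test_pe([b"UPX0", b"UPX1", b".rsrc"])
    for k, v in pe_static_checks(blob).items():
        print("%-18s %s" % (k, v))
```

Run it with a file path to check a real binary. Two caveats apply to the same verdicts the sandbox gives here: UPX section names are trivially renamed, so a clean result does not mean the file is unpacked (and a hit means little on its own, since UPX is common in benign software); and "no embedded Authenticode signature" also covers catalog-signed Windows binaries, so Unsigned PE is a triage attribute, not evidence of malice.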

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:45

Reported

2024-10-16 19:47

Platform

win7-20240903-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Signatures

Renames multiple (3720) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(4 rows, all N/A: the sandbox recorded no indicator details for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\7-Zip\7z.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\UnpublishComplete.jtx.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\RepairRegister.mov.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
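The table above is a truncated sample of the 3,720 files the signature line counts for this detonation. What a detection engineer wants from it is the shape of the behaviour: one process appending the same extension to files of many types, in many directories, within seconds, which is what separates it from an installer writing .tmp files into its own folder. The following Python is an added example, not part of the report or of any sandbox product: it runs that heuristic over constructed file-create/rename events. The Program Files paths are copied from the table, PID 2380 is taken from the memory-dump name in this section, and everything else (timestamps, the three user-profile renames, the benign installer, the thresholds and the function names) is an assumption made for the example.

```python
"""Flag a process that appends one extension to many files of many types in
many directories within a short window: the behaviour behind the report's
"renames multiple files with added filename extension" signature."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import Optional


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    pid: int
    image: str                      # full path of the writing process
    path: str                       # created path, or new path for a rename
    old_path: Optional[str] = None  # set only for rename events


@dataclass
class Alert:
    pid: int
    image: str
    suffix: str                     # the appended extension, e.g. ".tmp"
    files: int
    inner_extensions: list          # e.g. [".dll", ".exe", ".png", ...]
    directories: int


def appended_extension(path, old_path=None):
    """Return (appended_suffix, inner_extension) or None. A rename says exactly
    what was added; a bare create is inferred from a double extension
    ('am.pak.tmp' -> ('.tmp', '.pak')). 'Cordoba.tmp' has no inner extension,
    looks like any temp file, and is ignored."""
    name = PureWindowsPath(path).name
    if old_path is not None:
        old = PureWindowsPath(old_path).name
        if name.startswith(old + "."):
            return name[len(old):].lower(), PureWindowsPath(old).suffix.lower()
        return None
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) < 2:
        return None
    return suffixes[-1].lower(), suffixes[-2].lower()


def detect_mass_extension_append(events, window=timedelta(seconds=60),
                                 min_files=15, min_inner_exts=5, min_dirs=3):
    """Sliding window per (pid, image). Thresholds are assumptions; tune them."""
    recent = defaultdict(deque)     # key -> deque of (ts, suffix, inner, parent dir)
    fired, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        parsed = appended_extension(ev.path, ev.old_path)
        if parsed is None:
            continue
        suffix, inner = parsed
        key = (ev.pid, ev.image)
        q = recent[key]
        q.append((ev.ts, suffix, inner, str(PureWindowsPath(ev.path).parent).lower()))
        while ev.ts - q[0][0] > window:          # drop events outside the window
            q.popleft()
        rows = [r for r in q if r[1] == suffix]  # only this appended extension
        inners = {r[2] for r in rows}
        dirs = {r[3] for r in rows}
        if (len(rows) >= min_files and len(inners) >= min_inner_exts
                and len(dirs) >= min_dirs and (key, suffix) not in fired):
            fired.add((key, suffix))             # one alert per process and suffix
            alerts.append(Alert(ev.pid, ev.image, suffix, len(rows), sorted(inners), len(dirs)))
    return alerts


SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe")
# Paths copied from the report's "Drops file in Program Files directory" table.
REPORT_PATHS = [
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp",
    r"C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp",
    r"C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp",
    r"C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp",
    r"C:\Program Files\Java\jre7\README.txt.tmp",
    r"C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp",  # no inner extension: ignored
]


def constructed_events():
    """Constructed stream: PID 2380 (from the memory-dump name in this section)
    writing REPORT_PATHS, three made-up renames in the user profile, and a
    hypothetical installer writing 20 .dll.tmp files into a single directory."""
    t0 = datetime(2024, 10, 16, 19, 45, 30)
    events = [FileEvent(t0 + timedelta(milliseconds=200 * i), 2380, SAMPLE_IMAGE, p)
              for i, p in enumerate(REPORT_PATHS)]
    for i, doc in enumerate(["budget.xlsx", "notes.docx", "photo.jpg"]):
        old = r"C:\Users\Admin\Documents" + "\\" + doc
        events.append(FileEvent(t0 + timedelta(seconds=5 + i), 2380, SAMPLE_IMAGE, old + ".tmp", old))
    for i in range(20):
        events.append(FileEvent(t0 + timedelta(seconds=40, milliseconds=50 * i), 4100,
                                r"C:\Windows\Temp\setup_example.exe",
                                r"C:\Program Files\Example App\bin\lib%02d.dll.tmp" % i))
    return events
```

The hypothetical installer writes more files than the sample does in this stream, but it touches one file type in one directory, so the extension-diversity and directory-spread thresholds keep it quiet; the sample trips the detector on the third rename, when 15 files with 15 distinct inner extensions across 13 directories have appeared inside the window. Names without an inner extension (Cordoba.tmp, Antigua.tmp, Santarem.tmp in the table) are only caught when the telemetry reports them as renames with the old name, which is the main reason to prefer rename events over bare creates when both are available.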

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Network

N/A

Files

memory/2380-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 2df0248bc3386b8c9f4a6934016def59
SHA1 e284baa7d0b51b74d4926b0d73c8064c168d452c
SHA256 8eefb2e6b5fe024351cf2c8a9db0bcdcd2a59582e553982faa08a3118427b144
SHA512 e9875d1cb851d28b2b76700c50a1e3c3bffe6910fd7387cb236188998aab5c5b0f719302ff489e7756b094f6c7f1cfddc231e1a6f4c3b40240beb369252c354c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4c8fe3e0639ceb391e221c960b71bec5
SHA1 75188242f45565607becbd9747b4bf3c1f91dcd8
SHA256 c0a326880d251165d42dd38a8b2dfd49781147b5afe34f9ea038eb708fea24d0
SHA512 fbfaaca55214005816fb4872031185a5161495bcd639ca6c8bc2efbd461dd6224821805900c5c2d0b18d0130d4fcdafdcee08fbd2d389f7ff0c4b0cb4ece46d7

memory/2380-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:45

Reported

2024-10-16 19:47

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Signatures

Renames multiple (4992) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(4 rows, all N/A: the sandbox recorded no indicator details for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\7-Zip\Lang\ky.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\CompareJoin.dotx.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe

"C:\Users\Admin\AppData\Local\Temp\9ace9e42d407295aa08cf384ea37b896670c51ef0b9954327f23dbfb0b526d1aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

The rows above are reverse-DNS lookups of public addresses and HTTPS connections to Bing endpoints, captured from the whole Windows 10 VM; no row is attributed to the sample's process, and the Windows 7 detonation (behavioral1) recorded no network activity at all. The table therefore does not by itself establish any command-and-control traffic.

Files

memory/544-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 7e7d8a6d91ef702dda565b8ea4343b17
SHA1 14953b788da8900e88b3213e2a53779005385559
SHA256 363f4f9b84f3c199e346cbdf19b3273a18e42ce07846ee39d788ca6d35fed024
SHA512 4962dbac64a4af9bf5a00fbe4aaa87eb70f10103a249f49972da8711e672af5c1db2e607c52baed74601af8af2f3532dbd52c362f522a2028a1dfcdd44af1ad2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4932f4bb78a8f4ef5e1d18e2608f6c97
SHA1 65e7ad88d60ef60b17055e5007493270ad5d9369
SHA256 a437c1b940b3bafd32735349688758805cd78de8cdbd29f92cc639a7b9d29fad
SHA512 9b7daf4eab21018daf6ba9fb3dee62fa91e59a67348a73609f969ce4c6022bdb246b71bce63cb54ff6efb5429ab8003e9145ee6654423a3dc8eb8c5644b472fb

memory/544-660-0x0000000000400000-0x000000000040A000-memory.dmp