Malware Analysis Report

2025-01-22 20:35

Sample ID 241019-152acstgrl
Target 9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N
SHA256 9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844

Threat Level: Likely malicious

The file 9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3230) files with added filename extension

Renames multiple (4327) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 22:14

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 22:14

Reported

2024-10-19 22:16

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe"

Signatures

Renames multiple (3230) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Internet Explorer\ieproxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe

"C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe"

Network

N/A

Files

memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 cba9b00504c1b99e409468054a5f23f9
SHA1 555a84b9a133ae5c5dbcb40cf33f7325851ac944
SHA256 d52e56506d73729c34ea4135b806b29950e45b003257a6f6d358e8bb9f3001be
SHA512 8d32173669ca59b01041b67e375e68e7e2910624560409af9ecf56b1a4f5f2499e3c1365232997e08363bf5b8d4a539879dfd7e4a65bb4a7cc3bab328a506248

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6d85765064b9e850ff45d8d2c759a5a1
SHA1 78b48e9bc4bf581cce1fa8a345b4f0421fa381b8
SHA256 7bef50d7b3d1bd21518b29be1477f10ec3d5f70e73f46e5e5891ced453167d20
SHA512 d583ac2ac670089fa6b5fc95e0e7e8a849f9260742406b8a3d00783bfef78524d7c8a4b58396fb6f7d6a1c81fa1b7a04df825f646cd68ee6141532a20c1551ab

memory/2104-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 22:14

Reported

2024-10-19 22:16

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

116s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe"

Signatures

Renames multiple (4327) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe

"C:\Users\Admin\AppData\Local\Temp\9ad5f75c1fdf79bb7b3ed69671088f0927f38c0e12939f0a688a37fef59cc844N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/1040-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 87dff652d0b5d8dd456b4fd7e7d3218e
SHA1 806fe02c65b6eaebc714a61684815d0291d3e0dd
SHA256 31de5f35e1c8d4e33f4b341a9edac502b7a0d0818f14000c40e0237d4f439bde
SHA512 49fa902945e9ff897ab0c26541fc5ee302ec072bddecfb77b14612b4812fee9e6580b54d00669f802512e315aecebfb2e5f259eb0a64767381f6f1ebbd59bc39

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d7345b7a605088184866990c07f2a99e
SHA1 694e9574415ae731d8043f8b6f6af7294dc1edff
SHA256 755865e006a942922daade09fb83052b21c55daf20d077e854a55ed6bd220e26
SHA512 2e07385ad823558bb1cc15684ac47f45f696cc1ddd257367c1603ac7c6de11d0fc79a59fdf7a0dfa786dbe464c2c1002d35093793b027bb1061071ec89dc4802

memory/1040-664-0x0000000000400000-0x000000000040A000-memory.dmp