Malware Analysis Report

2025-03-15 08:19

Sample ID: 241020-wxhe3asfjc
Target: 9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN
SHA256: 9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2e
Tags: discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: 9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2e
Threat Level: Likely malicious

The file 9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple (4231) files with added filename extension (behavioral2, Windows 10 run)

Renames multiple (293) files with added filename extension (behavioral1, Windows 7 run)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

The two rename signatures are one behaviour measured in two images: the sample writes a <original>.tmp copy beside each file it reaches under Program Files, MSOCache and $Recycle.Bin, and the count is far higher on the Windows 10 image simply because that image carries much more installed software (Office, .NET, Java) to walk. "Unsigned PE" and "System Language Discovery" are low-signal on their own: a great deal of benign software ships without an Authenticode signature, and the NLS\Language registry read is what ordinary locale API calls perform.

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (both behavioral runs open HKLM\SYSTEM\ControlSet001\Control\NLS\Language).

The report assigns no technique ID to the ransomware-tagged behaviour. The mass creation of <original>.tmp files across Program Files is the pattern ATT&CK covers under Impact: T1486 Data Encrypted for Impact; that is an editorial mapping, not one the sandbox recorded, and the report does not itself confirm that the .tmp contents are encrypted.

Analysis: static1

Detonation Overview

Reported: 2024-10-20 18:17

Signatures

Unsigned PE: the executable carries no Authenticode signature. No indicator rows are recorded for this signature.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 18:17
Reported: 2024-10-20 18:20
Platform: win7-20241010-en
Max time kernel: 120s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe"

Signatures

Renames multiple (293) files with added filename extension [ransomware]

Drops file in Program Files directory

Description Indicator Process Target
Every row in this table has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe and Target N/A; only the Indicator (the created path) varies. The 64 recorded indicators:
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\7-Zip\Uninstall.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp
C:\Program Files\7-Zip\Lang\fi.txt.tmp
C:\Program Files\7-Zip\Lang\pl.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp
C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\7-Zip\Lang\el.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp
C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp
C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp
C:\Program Files\7-Zip\Lang\hu.txt.tmp
C:\Program Files\7-Zip\Lang\tr.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp
C:\Program Files\DVD Maker\Pipeline.dll.tmp
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp
C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp
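The "Renames multiple (N) files with added filename extension" signature is the one finding on this page that carries the ransomware tag, so the heuristic behind it is worth having in a form you can run over your own file-create telemetry (Sysmon Event ID 11, EDR file events, or a sandbox's "File created" rows). The Python below is an added example written for this page, not the sandbox's own signature code. It groups file-create events by process and flags a process whose created names are, with few exceptions, an existing filename plus one appended extension, spread across several directories. The event list is constructed from paths that appear in this report, plus three invented msiexec writes for contrast; the msiexec paths and the thresholds are assumptions.

```python
"""Heuristic for the sandbox signature "Renames multiple (N) files with added
filename extension".  Added example for this page, not the sandbox's code.

Input: (process, created_path) pairs.  The sample writes <original>.tmp next
to every file it touches, so almost all of its created names carry one more
extension than the file they shadow ('fi.txt' -> 'fi.txt.tmp').  A process
doing that at volume, across many directories, is flagged.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional, Tuple

# Process path exactly as recorded in the report.
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe")

# Constructed event list: 13 created paths taken from the report's "File created"
# and "Files" sections, plus three invented (assumed benign) msiexec writes.
EVENTS: List[Tuple[str, str]] = [
    (SAMPLE_EXE, r"C:\Program Files\7-Zip\Uninstall.exe.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\7-Zip\Lang\fi.txt.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\7-Zip\Lang\pl.txt.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\DVD Maker\Pipeline.dll.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp"),
    (SAMPLE_EXE, r"C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp"),
    (SAMPLE_EXE, r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (SAMPLE_EXE, r"C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp"),   # original had no extension
    (r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\ExampleApp\app.dll"),    # assumed benign
    (r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\ExampleApp\setup.log"),  # assumed benign
    (r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\ExampleApp\README.txt"), # assumed benign
]


def appended_extension(path: str) -> Optional[str]:
    """Trailing extension of a created file whose name still has an extension
    underneath it ('fi.txt.tmp' -> '.tmp').  Returns None for single-extension
    names such as 'setup.log' or the report's 'tzmappings.tmp': a name-only
    check cannot tell those apart from an ordinary new file."""
    suffixes = PureWindowsPath(path).suffixes
    return suffixes[-1].lower() if len(suffixes) >= 2 else None


def scan(events: Iterable[Tuple[str, str]], min_files: int = 10,
         min_dirs: int = 3, min_share: float = 0.9) -> Dict[str, Tuple[int, str]]:
    """Flag processes that created at least min_files files in at least
    min_dirs directories where a single appended extension accounts for at
    least min_share of everything the process created.
    Returns {process: (count, extension)} for flagged processes."""
    per_proc: Dict[str, List[str]] = defaultdict(list)
    for proc, path in events:
        per_proc[proc].append(path)

    hits: Dict[str, Tuple[int, str]] = {}
    for proc, paths in per_proc.items():
        tagged = [(p, appended_extension(p)) for p in paths]
        counts = Counter(ext for _, ext in tagged if ext)
        if not counts:
            continue                      # nothing looked like <file>.<ext>.<added>
        ext, n = counts.most_common(1)[0]
        dirs = {str(PureWindowsPath(p).parent) for p, e in tagged if e == ext}
        if n >= min_files and len(dirs) >= min_dirs and n / len(paths) >= min_share:
            hits[proc] = (n, ext)
    return hits


if __name__ == "__main__":
    for proc, (n, ext) in scan(EVENTS).items():
        print(f"{proc}: renames {n} files with added extension {ext}")
```

Lowering min_share catches samples that also shadow extension-less files (the tzmappings.tmp case above) at the cost of more noise from installers and build tools that emit many files of one type; the directory-spread check is what separates an encryptor walking the whole tree from a compiler writing one output folder. The sandbox itself most likely observes the rename or the write-then-replace directly rather than inferring it from names, so treat this as a hunting heuristic, not a reproduction of the signature.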

System Location Discovery: System Language Discovery [discovery]

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe N/A

This key is read by the ordinary Windows locale APIs, so the signature fires for most programs. On its own it does not show a locale-based kill switch (exiting on particular system languages); confirming or ruling that out needs a look at the code, not this registry event.

Processes

C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe
"C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe"

The sample runs as a single process and spawns no children; the memory dumps below carry its process ID, 2808.

Network

N/A (no network activity recorded in the Windows 7 run)

Files

memory/2808-0-0x0000000000400000-0x0000000000408000-memory.dmp (dump index 0 of the 32 KB image region)

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
  MD5 46cb84ed5382a94c1e789a21bf1b619a
  SHA1 da8b536dac28aba3ae7f51b4d581eb8e8bf44b60
  SHA256 fa9abfaee9c4e917e63a238a2a81c40002695fa4c458421b15dc1db020291b07
  SHA512 706aa60b23f497b6e17e98fd904d944df73fd19abea134af12ccc0e50badde28806f3e66f6e299b8e3accca1f18006446715932c4c6606860282f688e79d65e6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  MD5 c60dd9ebcc4e24515ab00c1fa3be9045
  SHA1 8da70f5f4fce6bdfcce6521ba9460c6f15c7b947
  SHA256 1d13fc0dba56da0a1bb0da1fb3faa99606dbdf36faddf4ec1c443efd103f395d
  SHA512 7ca859db1b90361586363c7fe996733ff702cc9720d8558e01c9661d8a3e51803300b26d686e3c37047ac668bafb23d18f3a591eadb5e6c41615a6d7b47d0bd8

memory/2808-26-0x0000000000400000-0x0000000000408000-memory.dmp (dump index 26, same region)

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 18:17
Reported: 2024-10-20 18:19
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe"

Signatures

Renames multiple (4231) files with added filename extension [ransomware]

Drops file in Program Files directory

Description Indicator Process Target
Every row in this table has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe and Target N/A; only the Indicator (the created path) varies. The 64 recorded indicators:
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp
C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp
C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp
C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\tr.pak.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\et.txt.tmp
C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp
C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp

System Location Discovery: System Language Discovery [discovery]

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe N/A (same key as in behavioral1)

Processes

C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe
"C:\Users\Admin\AppData\Local\Temp\9b2b0c040d61bea62ee200e024dbd979dc28f684d3c7ffcdb9ccf7dfad9c8b2eN.exe"

Single process, no children; the memory dumps below carry its process ID, 3672.

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp (5 connections)

The table has no process column, so none of these connections is attributed to the sample. The reverse (in-addr.arpa) lookups and the g.bing.com / tse1.mm.bing.net HTTPS connections are the Windows 10 image's own background traffic, and the Windows 7 run recorded no network activity at all. Nothing in either run points to a C2 or key-exchange server, which means a key recovered from network capture is not an option for this sample; any key material would have to come from the binary or a memory dump.

Files

memory/3672-0-0x0000000000400000-0x0000000000408000-memory.dmp (dump index 0 of the 32 KB image region)

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp
  MD5 d874da0f36c7141638ac21d60a269496
  SHA1 ca2bd6acd803dfc7bac42f4503c0c7e00fa62b24
  SHA256 1d81025ace1b03de59ab63dffbe6305862024fa6f4967fc319ba6f432e352ff6
  SHA512 cc37a96d3d3c945bf855d8e6ca6345ed8a4905ca33b65f319f558af8ad1d4aeff72dccedf5c543cc80625ac04a97d9c446e8d1bc60b77b869415b9d3f724a265

C:\Program Files\7-Zip\7-zip.dll.tmp
  MD5 8fb0618e8c75fed23ab7fd4f76cf2a28
  SHA1 e877cac6060b8dbd80957bee91bfc580fcc1fb0e
  SHA256 560beb9125b5a4c6de6f544fe94b47a43672a445d670a57a70154029e379f295
  SHA512 4ec6155643298d9be662c27e5c545c9147570c7391d37fffcad44045c8447d7a27c75c354672642ea692bb4b7ce8ab96f685f14fe02ad28ad25493073692ee25

memory/3672-656-0x0000000000400000-0x0000000000408000-memory.dmp (dump index 656, same region)