Malware Analysis Report

2024-12-07 10:03

Sample ID: 241114-bbcmgasdnl
Target: 9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55
SHA256: 9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: 9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55
Threat Level: Likely malicious

The file 9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55 was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (3685) files with added filename extension (behavioral1, Windows 7)
Renames multiple (5188) files with added filename extension (behavioral2, Windows 10)
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE

Read together, the signatures describe a small (the mapped image spans 0x400000-0x40A000, 40 KiB), UPX-packed, unsigned executable that runs as a single process with no children, reads the system language key, and then creates a .tmp file beside existing files and renames thousands of them with an appended extension, on both a Windows 7 and a Windows 10 host. The write-temporary-then-rename pattern at this volume is consistent with file-encrypting ransomware, which is why the report carries the ransomware tag; the appended extension itself is not shown anywhere in this report. Victims include DLLs, EXEs and locale files under Program Files, not only user documents, so installed applications are broken as well as data. No outbound connection is attributed to the sample in either detonation: behavioral1 recorded no traffic at all, and behavioral2 shows only reverse-DNS lookups of the kind Windows issues on its own.

MITRE ATT&CK

Enterprise Matrix V15. The signatures raised in this report correspond to these techniques:

Defense Evasion   T1027.002   Obfuscated Files or Information: Software Packing   (UPX packed file)
Discovery         T1614.001   System Location Discovery: System Language Discovery   (NLS\Language key opened)
Impact            T1486       Data Encrypted for Impact   (Renames multiple files with added filename extension)

Analysis: static1

Detonation Overview

Reported: 2024-11-14 00:57

Signatures

UPX packed file (tag: upx)
Unsigned PE

Neither static signature has an indicator row in this report; both are properties of the PE headers. UPX is an off-the-shelf packer: it names its sections UPX0/UPX1 and leaves a UPX! marker in the header padding, and a stock UPX layer normally unpacks with upx -d. If the header has been tampered with so that upx -d refuses, the later memory dumps from the behavioural runs are the place to recover the unpacked code. "Unsigned PE" means the Authenticode certificate table (data directory 4) is empty. On its own that is a weak signal, since plenty of legitimate tools ship unsigned, but combined with packing and the behaviour below it fits the picture.
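The two static checks above, implemented by the editor as an added example (this is not the sandbox vendor's rule code and not the sample): a dependency-free walk of the PE headers that reports "UPX packed file" when UPX section names or the UPX! marker are present, and "Unsigned PE" when the certificate data directory is empty. Because the sample itself is not on this page, the block constructs a minimal PE32 image in memory to run against; build_test_image and all other names are the editor's own. For a real file, pass its bytes to static_signatures.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # Authenticode certificate table
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header ->
    data directories -> section table; returns what the checks need."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                      # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    directories = [struct.unpack_from("<II", data, dd_off + 8 * i)
                   for i in range(n_dirs)]
    sec_off = opt + opt_size
    sections = []
    for i in range(nsections):
        hdr = sec_off + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": name, "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size,
                         "raw_ptr": raw_ptr})
    return {"machine": machine, "characteristics": characteristics,
            "directories": directories, "sections": sections,
            "head": data[:0x1000]}


def is_upx_packed(pe: dict) -> bool:
    """Stock UPX names its sections UPX0/UPX1(/UPX2) and writes a 'UPX!'
    marker into the header padding; either is enough for the signature."""
    names = {s["name"] for s in pe["sections"]}
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in pe["head"]


def is_signed(pe: dict) -> bool:
    """Data directory 4 holds the file offset and size of the attribute
    certificate table. Empty means no Authenticode signature at all (the
    report's 'Unsigned PE'); non-empty does not mean the signature is valid."""
    dirs = pe["directories"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]
    return offset != 0 and size != 0


def static_signatures(data: bytes) -> list:
    """The signature names this report would raise for the given image."""
    pe = parse_pe(data)
    hits = []
    if is_upx_packed(pe):
        hits.append("UPX packed file")
    if not is_signed(pe):
        hits.append("Unsigned PE")
    return hits


def build_test_image(section_names, signed=False) -> bytes:
    """Constructed minimal PE32 (not the analysed sample): DOS stub, COFF
    header, 224-byte optional header with 16 data directories, and one
    40-byte section header per name. No section bodies are needed."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    opt_size = 96 + 16 * 8
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_size, 0x0102)                       # i386, EXE, 32-bit
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    if signed:   # pretend a 0x200-byte certificate table sits at file offset 0x1000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, 0x200)
    table = b""
    for i, name in enumerate(section_names):
        raw_size = 0 if name == "UPX0" else 0x200   # UPX0 is filled at run time
        table += name.encode("ascii").ljust(8, b"\0")
        table += struct.pack("<IIII", 0x1000, 0x1000 * (i + 1), raw_size, 0x400 + 0x200 * i)
        table += struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    print(static_signatures(build_test_image(["UPX0", "UPX1", ".rsrc"])))
    print(static_signatures(build_test_image([".text", ".data"], signed=True)))
```

The section-name test is only a heuristic: renaming UPX0/UPX1 is the first thing a modified packer does, which is why the marker and, failing that, section entropy and a raw-size-zero first section are usually checked as well. is_signed deliberately reports only presence of a certificate table; validating the chain needs the Windows trust APIs or signtool.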

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 00:57
Reported: 2024-11-14 01:00
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe"

Signatures

Renames multiple (3685) files with added filename extension (tag: ransomware)
UPX packed file (tag: upx)

Drops file in Program Files directory

Every row below is a "File created" event by C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe with no target process. The sandbox lists 64 files; the matching rename signature counts 3685. Each created file is a .tmp sibling of an existing application file, and the victims are chosen without regard to type: DLLs, EXEs, .mui resources, JAR files and extension-less timezone data are all touched, so the run damages installed applications (Java, VLC, Adobe Reader, Office, Windows gadgets) as well as user data.

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp
C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png.tmp
C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp
C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp
C:\Program Files\7-Zip\Lang\gu.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp
C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp
C:\Program Files\7-Zip\Lang\et.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp
C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths.tmp
C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp
C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.tmp
C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp
C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp
C:\Program Files\AssertResume.iso.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp
C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp
C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp
C:\Program Files\Java\jre7\lib\accessibility.properties.tmp
C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp
C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp
C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe
Target: N/A

This key holds the installed system language (its Default and InstallLanguage values), and reading it is the usual way ransomware decides whether to run on a host with a given locale. Only the key open is recorded, and this en-locale image went on to be encrypted, so whatever the check does, it did not stop execution here; a detonation on a non-English image would be needed to see whether the sample exits early on some locales. A key open is an API-level observation: Sysmon logs key creation, deletion and value writes, not reads, so this check will not show up in ordinary endpoint telemetry.

Processes

C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe
  "C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe"

The sample is the only process in the tree (PID 2336, taken from the memory dump names): no child processes, so no vssadmin, wmic or bcdedit invocations for shadow-copy or recovery tampering were recorded in this run.

Network

N/A

Files

memory/2336-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2336-71-0x0000000000400000-0x000000000040A000-memory.dmp

Two dumps of the same 0x400000-0x40A000 region (the sample's mapped image, 40 KiB) were taken at different points of the run. For a UPX-packed sample the later dump is where the unpacked code and any embedded strings (ransom note text, the appended extension, key material) should be looked for.

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
  MD5     3f6a1aef024382c96cae3fa5edb2bd78
  SHA1    05a80393c09d5a092861d51162033e17ed3b3e15
  SHA256  17423545056e0017b818df8af6be8f598da292abae18ce995b0c10a16e1d6efe
  SHA512  287ceaa8518c985db94b7e4d049da0f4c1bc1c62a95f3b34666e6000418c0c5bb19d2b6b180261187dee2919dda2dd99c04ef43b11631384cc883370b32c1b9c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  MD5     f6e2ecd08fc37ee4839f4041114b5c1f
  SHA1    1f855062889f0de5e8f6c83d15246926fece468f
  SHA256  d6c33dd00e2bf4bdffebbc35ccf1a3b7a08c0a9320a6fd75251670b66d1e7982
  SHA512  4a734f0d6fe0ce5b89e7e4c003aea52292566f2146a4e437aacab0b2c4d3f06da8ee174cc1fad794856e0d70728d702110384fa28466f4f0b34cc4c1a7060cce

Both listed files are .tmp siblings outside Program Files ($Recycle.Bin, MSOCache), confirming that the run walks the whole volume rather than a few directories. Their hashes are of the sample's output on this particular host, not of the sample, so they should not be used as indicators.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 00:57
Reported: 2024-11-14 01:00
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe"

Signatures

Renames multiple (5188) files with added filename extension (tag: ransomware)
UPX packed file (tag: upx)

Drops file in Program Files directory

Every row below is a "File created" event by C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe with no target process. The sandbox lists 64 files; the matching rename signature counts 5188. As on Windows 7, each is a .tmp sibling of an existing file and nothing is spared by type: on this image the victims include chrome.exe, msinfo32.exe, the .NET shared runtime, Office 16 binaries and licence files, and the Java runtime.

C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp
C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp
C:\Program Files\7-Zip\Lang\sv.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\StoreLogo.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\OriginReport.Dotx.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx.tmp
C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.LEX.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp
C:\Program Files\Google\Chrome\Application\chrome.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp
C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp
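The detection logic behind the two behavioural signatures raised in both detonations ("Drops file in Program Files directory" and "Renames multiple (3685 / 5188) files with added filename extension"), written by the editor as an added example; it is not the sandbox's rule code. The event stream is constructed to imitate the rows above (a .tmp created beside each victim, then the original renamed with an appended extension) and the ".locked" extension, the PIDs, the updater process and every other name are assumptions, since the report does not show what extension the sample appends. The benign updater is included on purpose: it also writes a .tmp under Program Files, which is why that signature alone is weak, but it swaps the file in instead of appending an extension, so only the sample trips the rename signature.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ntpath

PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class FileEvent:
    pid: int
    process: str
    op: str              # "create" or "rename"
    path: str
    new_path: str = ""   # rename target


def added_extension(old: str, new: str) -> Optional[str]:
    """Extension appended by an in-place rename (old + '.ext' -> '.ext'), else
    None. A move to another directory, or a swap that replaces the extension
    (new_chrome.dll.tmp -> new_chrome.dll), is not an 'added extension'."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name):]
    return ext if len(ext) > 1 else None


def analyse(events: List[FileEvent],
            rename_threshold: int = 100) -> List[Tuple[int, str, object]]:
    """Return (pid, signature text, detail) triples in the order raised."""
    drops: Dict[int, List[str]] = defaultdict(list)
    renames: Dict[int, Counter] = defaultdict(Counter)
    for ev in events:
        if ev.op == "create" and ev.path.lower().startswith(PROGRAM_FILES):
            drops[ev.pid].append(ev.path)
        elif ev.op == "rename":
            ext = added_extension(ev.path, ev.new_path)
            if ext:
                renames[ev.pid][ext] += 1
    hits = []
    for pid, paths in drops.items():
        hits.append((pid, "Drops file in Program Files directory", len(paths)))
    for pid, exts in renames.items():
        total = sum(exts.values())
        if total >= rename_threshold:            # volume is what separates ransomware
            ext, _ = exts.most_common(1)[0]
            hits.append((pid, "Renames multiple (%d) files with added filename extension" % total, ext))
    return hits


def constructed_events() -> List[FileEvent]:
    """Synthetic stream (not the sandbox's log). PID 2336 mimics the sample:
    write <name>.tmp beside each victim, then rename the original with an
    appended extension ('.locked' is assumed). PID 4100 is a benign updater
    that also writes a .tmp under Program Files but swaps it into place."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
    victims = [ntpath.join(r"C:\Program Files\7-Zip\Lang", lang + ".txt")
               for lang in ("gu", "et", "sv")]
    victims += [ntpath.join(r"C:\Users\Admin\Documents", "report_%d.docx" % i)
                for i in range(120)]
    events = []
    for path in victims:
        events.append(FileEvent(2336, sample, "create", path + ".tmp"))
        events.append(FileEvent(2336, sample, "rename", path, path + ".locked"))
    updater = r"C:\Program Files\Google\Update\GoogleUpdate.exe"
    staged = r"C:\Program Files\Google\Chrome\Application\new_chrome.dll.tmp"
    events.append(FileEvent(4100, updater, "create", staged))
    events.append(FileEvent(4100, updater, "rename", staged, staged[:-4]))
    events.append(FileEvent(4100, updater, "rename",
                            r"C:\Users\Admin\Downloads\notes.txt",
                            r"C:\Users\Admin\Desktop\notes.txt"))
    return events


if __name__ == "__main__":
    for hit in analyse(constructed_events()):
        print(hit)
```

The threshold is the whole point of the rename rule: a single appended extension is everyday behaviour, thousands from one process in a couple of minutes is not. For a host-side version of the same logic, Sysmon Event ID 11 (FileCreate) supplies the create events, but file renames are not a Sysmon event, so the rename half needs the kernel file-system ETW provider or an EDR's own telemetry.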

System Location Discovery: System Language Discovery (tag: discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe
Target: N/A

The same system-language check as on Windows 7; this en-locale image was encrypted regardless, so the check did not act as a kill switch here.

Processes

C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe
  "C:\Users\Admin\AppData\Local\Temp\9f66dab7e3d3fdf5b1f552c2e39baec3b9661099e8571456a74196cc288daf55.exe"

Again a single process (PID 1860) with no children.

Network

All recorded traffic is reverse-DNS (PTR) lookups sent to 8.8.8.8. The queried in-addr.arpa names decode to the addresses in the fourth column; they are typical of the background lookups a Windows 10 image makes for its own services, and no connection to any of them, and no other outbound traffic, is attributed to the sample. Treat this as sandbox noise rather than command-and-control, and do not add these addresses to a block list on the strength of this report.

Country  Destination  Domain                          Address looked up  Proto
US       8.8.8.8:53   154.239.44.20.in-addr.arpa      20.44.239.154      udp
US       8.8.8.8:53   172.214.232.199.in-addr.arpa    199.232.214.172    udp
US       8.8.8.8:53   17.160.190.20.in-addr.arpa      20.190.160.17      udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa     192.229.221.95     udp
US       8.8.8.8:53   97.17.167.52.in-addr.arpa       52.167.17.97       udp
US       8.8.8.8:53   133.211.185.52.in-addr.arpa     52.185.211.133     udp
US       8.8.8.8:53   50.23.12.20.in-addr.arpa        20.12.23.50        udp
US       8.8.8.8:53   18.31.95.13.in-addr.arpa        13.95.31.18        udp
US       8.8.8.8:53   92.12.20.2.in-addr.arpa         2.20.12.92         udp
US       8.8.8.8:53   19.229.111.52.in-addr.arpa      52.111.229.19      udp

Files

memory/1860-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1860-751-0x0000000000400000-0x000000000040A000-memory.dmp

The same 0x400000-0x40A000 image region as on Windows 7, at the same base on both OS versions, which is consistent with an image built without dynamic base (ASLR) relocation. As before, the later dump is the one to examine for unpacked code.

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp
  MD5     492d884995804106eb119505464ad95f
  SHA1    6540dd45ab845d13a0da55fb8e82d22fcefe39ab
  SHA256  32bef6d9ec74ad58b7f825c7fd60905ccc73d6162ebbcbcb88c7321ae46a136d
  SHA512  5128e4c53f9954436f09465b5f332e406b8f862466810cf5020b603b10c91cc5d93e1c999defe895876f36d91cd9bd4ef44d48f30a29ff4bfe60ad03e58a2836

C:\Program Files\7-Zip\7-zip.dll.tmp
  MD5     6106e4b748878fe9432593b29de51718
  SHA1    74d9fe7c97da95b2c0893e3677b57e9a49d86b3f
  SHA256  2cb30ee9d79495193a263384111670108c6546c3be3517fa6cd5e914cedcf000
  SHA512  afe5332b496607197832dc4deb37eed4fbf85b96a3d1f9213cb6a308aec67963083e62c93a87abf2b802c79f7b51a65317ef0b92805ef084998ad49e8f280ffc

As in behavioral1, these are hashes of the sample's output files on this host, not of the sample, and are not useful as indicators.