Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-gfkrjazdkk
Target cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN
SHA256 cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eab
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eab

Threat Level: Likely malicious

The file cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3123) files with added filename extension

Renames multiple (4545) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:44

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:44

Reported

2024-10-16 05:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Signatures

Renames multiple (3123) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Network

N/A

Files

memory/2368-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 f5a14010d9bcfeed7b56a45ea9fba9b4
SHA1 975893caccbb92df3f4fb8c17e5b23f85315451f
SHA256 29df56cb47f1dc66970b0117384c3394a794f6604ff7bae4463373d50e1d3904
SHA512 8a6d483495be8ffb3e69fbc4c2ed737ca468aaacd6c9b23ae61e94ab9572a742a52c032d1a594197c9111c85bd234ac76b02f5b1d4dd27a1b428a3dc5cf9cbef

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d842f06f80e568e552cd313384c5d34f
SHA1 e80f950d36e344fa106aea67e815ec09dee439d3
SHA256 bf49b4674b7d1877d6bfeaf9856267d8d74d3edd2919ab75a5e4451056eb23ef
SHA512 92e0033f909abbeec4240b63e5c73792fbf9d392ebc1c4fccc766d1cd8e237236f61a27c8658472083992dce5096ca02cca6aaf40f84bff4442139f06859b79e

memory/2368-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:44

Reported

2024-10-16 05:46

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Signatures

Renames multiple (4545) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Network

Files

memory/956-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 311622fb6ed13642040e3b050bdb395a
SHA1 c0003fc97d3f25257172de7967b5c743a252173c
SHA256 f2f31bb685ddb09adfce2afd5b48997098f4ffe3338c9b039c9e51c1bd21725f
SHA512 a75c758de48042e971de2b5355b9817e95dd6505f08b1508e7a86e1145f7f072aa9bbe4f8a1d24ce1033a39a44f97f870ee91e60d0eca9972be70858f193984e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2d95d530dd296611ac2ff4c9603529e1
SHA1 f04013467f1d4dbb29e5bed779eaff2d9b1ed625
SHA256 677c46249016803edcd40363a98bf5d43255db60a60d7ad812e778ff9f6f8d8c
SHA512 c81030b6f1887b6d8460666d0035341903040308dc94c2cb21bdfdab03edec9b886f6296ea05b51447b1670b2c812d372900e96bd48fac98ad5344176950a55c

memory/956-666-0x0000000000400000-0x000000000040B000-memory.dmp