Malware Analysis Report

2025-03-15 08:18

Sample ID: 241016-ggvccszdrl
Target: cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN
SHA256: cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eab
Tags: discovery ransomware upx
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eab
Threat Level: Likely malicious

The file cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery ransomware upx

Renames multiple (5110) files with added filename extension

Renames multiple (3732) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 05:47

Signatures

UPX packed file
Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 05:47
Reported: 2024-10-16 05:49
Platform: win7-20240729-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Signatures

Renames multiple (3732) files with added filename extension
Tag: ransomware

UPX packed file
Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\bin\eula.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\WPGIMP32.FLT.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A

System Location Discovery: System Language Discovery
Tag: discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Network

N/A

Files

memory/2592-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 2551a55a82e97af54289b73b841bc42f
SHA1 b7f6df8f5b99de46f59112aab58f411aff40a98d
SHA256 5dff0abf1299bcaa63facc7487be94c785943baf044325dd4828acc564fb3697
SHA512 f2ed02baeafc5f4645646b2f007289ed32ac3abb24299f871549a9721b09d4266e95c5f09f2d1f9cc9888b4c8507d969cb98debc466c510c1b7b97aae5bb05fe

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5507100c6ee00557878fb6c222ce5dc4
SHA1 e407a238d3dabc3aa0ea4db1e7fbf31b0e1ca95a
SHA256 0194ece9970a855325bf99c7626e8b277ca2d46b25fd4c0875d60b2d4abd201d
SHA512 c3bc06439af0b22b572dcc358d5efa9860cada3da3ca5ba85d2c5f7d7d42bae29b63d523ba5982c7d81027005aab2f9b22910923ae67734677ce25c9715fca28

memory/2592-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 05:47
Reported: 2024-10-16 05:49
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Signatures

Renames multiple (5110) files with added filename extension
Tag: ransomware

UPX packed file
Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A

System Location Discovery: System Language Discovery
Tag: discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe

"C:\Users\Admin\AppData\Local\Temp\cdbb885387f1b4802605524286ea492a54ad9fc4668032d9794e1d0d2cea2eabN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp

Files

memory/1744-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 f54c3e241e30287beaa0393b7f58e2b1
SHA1 04c84a5d2907df86e0d44e3dcaf1bd3f68226c39
SHA256 f10293316ef3e96a190b20e5a2d7a772d797812148c9527ba2697532def68683
SHA512 5141a327d781a0e7af64cab044b8cfe55022e28dc47045d57494951adfd569575f78ecd29c06b8ed4946a488f0e6774c3ae89d2ec0fe7977953f055c71dc8ab6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 00a2fa17bfe91b9de3ca2b871e752ec9
SHA1 99db8eb7cc7c036160d9b20df9e5128744ad162e
SHA256 c4415176e11361bbc2951ce5ed4e42b54e8d9ebff7659e234335139d45ffdd52
SHA512 31bc30c1ea9d39796bae761027a526e06ecb71196bbf1f8e7a59fa68df482dd07d494b29f8a36b0e2db73641ef3269a1d0ae62312462117dab9318de0f9bad69

memory/1744-666-0x0000000000400000-0x000000000040B000-memory.dmp