Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-gpj7cswcpa
Target ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N
SHA256 ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48
Tags discovery ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48

Threat Level: Likely malicious

The file ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (304) files with added filename extension

Renames multiple (4373) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:58

Reported

2024-10-16 06:00

Platform

win7-20241010-en

Max time kernel

120s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe"

Signatures

Renames multiple (304) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe

"C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 461028e63b610cd5ee677f84269dd447
SHA1 552e242d3fa3237b2614a4869086fbab9be659de
SHA256 02baf56e975d49afd02f0084f2149973486d63f362d5d2a49d60b1c366d9dc61
SHA512 f16445ab710634422b43da02594751b3ca0cd6956465d2e10d74e02fd56026ba62090ac7d1222f7497ffd998b42a2efab77430c6a430c10b41ccce13f5ff4c03

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b60b29f0da2af1149d068f4e47a40fbf
SHA1 8d001623001fdb81c48564c0f8f74b9f44f20ed8
SHA256 e8b71fb161ba9f92d174d8a5977841d1ae6a27156ecdf96702e1928e74ea6ee9
SHA512 25ebc9d66e14059548738de96e37ee0826b76622aa82063a208dcd564f19dada7113207da160d9f660f1497ad7c8d8da9e0970dee8ad9d9e8e4b12520fbc6c18

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:58

Reported

2024-10-16 06:00

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe"

Signatures

Renames multiple (4373) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe

"C:\Users\Admin\AppData\Local\Temp\ccd35b997dd744bfcfc33727b85313419449e9d00b669cd21262ae1abce2ff48N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 ba745a87bf9eeae47c09f476813ce7cf
SHA1 ce53357d092007851c4ecb5c313ccfbe27957063
SHA256 68ac64d7e058b9ed44b3b00fa6bacf613c46e59041cc0cec6c297aecf03fa71a
SHA512 e18356d097081d30ed3063cab5302537d9ff1ac919d671e8f4fa9ad11f1748603e7b50c712fecb4b816ec67396372d1e5fdc1b58c6189db48f2c778294f70e17

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 44c759c0c7b5c3f54c7290c79400d6d7
SHA1 44418fbba5de1309c37cdaea11f8c57a3e95f01d
SHA256 412de6fa1cbaf80ea8ee181f68060c5990786c08d1ab87259f981352e4f84a78
SHA512 85205d2dd5e3c56b8b245045341a0d65bed0e4647c3328c16238e7a63df924d491e88687aa9dd52d23ca8321dc48c333f0c5eb34dde0772ee429168ba791b3d8