Malware Analysis Report

2024-10-24 18:20

Sample ID 241018-cfdk1azeqc
Target 44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN
SHA256 44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01c
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01c

Threat Level: Likely malicious

The file 44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (325) files with added filename extension

Renames multiple (4357) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-18 02:00

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 02:00

Reported

2024-10-18 02:02

Platform

win7-20241010-en

Max time kernel

120s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe"

Signatures

Renames multiple (325) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\Parity.fx.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\History.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\OmdBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\Lang\fi.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe

"C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe"

Network

N/A

Files

memory/2100-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 855d85297562d46f4692d3067b06bb1c
SHA1 ed8fee5c366a69c717df50dbbee31c2fbd5fd946
SHA256 7459368d3ad9fa6b753df7c9724afc2cfb93706bf3dccad5a666cd6536ba2493
SHA512 86bfd0fb39a7020b853b663620fcf267efe2ce56e411b1f111f2684adecbfda7b0968b0a632bca1f5e044a5af7a4e8c6099dbafbf723fd182e0930dfdcf54b6c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 979273a3837740223423052f05918f52
SHA1 873881ad1a8cfaab1a24ae1a17a489bc4fca24a8
SHA256 03728592f5d7316d950eb5278b418ef51c0ece06254a799d6c415faf6bf7193f
SHA512 c4adbe49800391fdbca49da3de9fe776a1d8e038116eccb92bcb1cb7d750b3d97592f947418b72c004920c2e59a4e4fb5ab594eef531ce8a4551ae8e5ab73979

memory/2100-18-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 02:00

Reported

2024-10-18 02:02

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe"

Signatures

Renames multiple (4357) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe

"C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/2800-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 ffc18948ae28862ea81594b30c3eb7ac
SHA1 0058049330849d3e0dda8b249bea5019fc308045
SHA256 962c4b3a3913f11b4101dc67c3c04cad20d59970bb2469205dd1a317867f7f5c
SHA512 b64b76550c87c7fc68fde73414e02f3883415aa8deba8963a222620c8768f357cf3d7e798fa1dec1fc39f38ab9ac0a43c066a8989ca519d857aed310ea893e73

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c321be561c05349156d8312abcf13c6b
SHA1 ee1e794a571fcd2a2cbc6e25785b1a40533d183b
SHA256 dd0aeb9d071699a44f625f5f24f7ab3d8c89f9dd1e4c160d087c8b2154bfc7a9
SHA512 a6102e7df679ef0cbe1dbda9105962297a7ceedbe5eee5b8b49ef6bbc81e47aaf0c62f6d965b14a152b95265bd751c68eeed5f087b024793c2b1670289537e18

memory/2800-662-0x0000000000400000-0x000000000040B000-memory.dmp