Malware Analysis Report

2025-01-22 20:16

Sample ID 241019-3rbhwswdqh
Target cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N
SHA256 cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390

Threat Level: Likely malicious

The file cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3293) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (4527) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Technique recorded in this report: Discovery, System Location Discovery: System Language Discovery (T1614.001), evidenced by the read of the NLS\Language registry key in both behavioral runs.

Analysis: static1

Detonation Overview

Reported

2024-10-19 23:44

Signatures

UPX packed file

upx
Description Indicator Process Target
(no indicator rows recorded for this signature)

Unsigned PE

Description Indicator Process Target
(no indicator rows recorded for this signature)
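The two static signatures above, "UPX packed file" and "Unsigned PE", are both answerable from the PE headers alone. The following is an added example (not the sandbox's detection logic and not code from this report) that parses the section table and the Authenticode data directory with the standard library only. The `build_stub_pe` helper, the section layouts it is called with, and the `UPX!` magic heuristic are assumptions made for the demonstration; the PE it builds is a header-only stub, not the analysed sample.

```python
"""Static check for two of the report's static1 signatures, 'UPX packed
file' and 'Unsigned PE', with a minimal pure-stdlib PE parser.
Added example code, not the sandbox's own detection logic; the PE it
builds is a constructed header-only stub, not the analysed sample."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
SECTION_HEADER_SIZE = 40


def parse_pe(data: bytes) -> dict:
    """Read the DOS stub, COFF header, optional header data directories
    and the section table. Raises ValueError on anything non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    # Data directories begin at +96 (PE32, magic 0x10B) or +112 (PE32+, 0x20B);
    # NumberOfRvaAndSizes sits in the 4 bytes just before them.
    if magic == 0x10B:
        dd = opt + 96
    elif magic == 0x20B:
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (num_dd,) = struct.unpack_from("<I", data, dd - 4)
    sec_off = sec_len = 0
    if num_dd > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the 'VirtualAddress' field is a raw file offset.
        sec_off, sec_len = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, rva, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "rva": rva, "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "sections": sections, "security_dir": (sec_off, sec_len)}


def triage(data: bytes) -> dict:
    """Return the two signature verdicts plus the evidence behind them."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    # UPX leaves UPX0/UPX1 section names and a 'UPX!' packer-header magic.
    # Both are trivially altered by repackers, so treat them as heuristics.
    upx_by_name = any(n.upper().startswith("UPX") for n in names)
    upx_by_magic = b"UPX!" in data
    # UPX0 is normally all-virtual (no raw data): the stub unpacks into it at run time.
    virtual_only = [s["name"] for s in pe["sections"] if s["rawsize"] == 0 and s["vsize"] > 0]
    sec_off, sec_len = pe["security_dir"]
    # An empty security directory means no Authenticode blob at all ('Unsigned PE').
    # A populated one only proves a blob is attached; validity and chain trust
    # must come from a real verifier (signtool, Get-AuthenticodeSignature).
    has_cert_blob = False
    if sec_off and sec_len >= 8 and sec_off + sec_len <= len(data):
        _length, _revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
        has_cert_blob = cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
    return {"sections": names, "upx_packed": upx_by_name or upx_by_magic,
            "virtual_only_sections": virtual_only, "unsigned": not has_cert_blob}


def build_stub_pe(section_specs, signed: bool, payload: bytes = b"") -> bytes:
    """Constructed header-only PE32 for demonstration; it is not runnable.
    section_specs: list of (name, virtual_size, raw_size)."""
    n = len(section_specs)
    opt_size = 96 + 16 * 8                                   # PE32 with 16 data directories
    hdr_end = 64 + 4 + 20 + opt_size + n * SECTION_HEADER_SIZE
    total_raw = sum(raw for _, _, raw in section_specs)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    cert = b""
    if signed:  # fake WIN_CERTIFICATE header plus padding where a PKCS#7 blob would be
        cert = struct.pack("<IHH", 24, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\xAA" * 16
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         hdr_end + total_raw, len(cert))
    table, rva, raw_ptr = b"", 0x1000, hdr_end
    for name, vsize, rawsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, rva,
                             rawsize, raw_ptr if rawsize else 0, 0, 0, 0, 0, 0x60000020)
        rva += max(vsize, 0x1000)
        raw_ptr += rawsize
    raw_area = payload[:total_raw].ljust(total_raw, b"\0")
    return dos + b"PE\0\0" + coff + bytes(opt) + table + raw_area + cert


if __name__ == "__main__":
    packed = build_stub_pe([("UPX0", 0x8000, 0), ("UPX1", 0x2000, 0x400), (".rsrc", 0x1000, 0x200)],
                           signed=False, payload=b"UPX!")
    print(triage(packed))   # upx_packed True, unsigned True, virtual-only ['UPX0']
    clean = build_stub_pe([(".text", 0x3000, 0x3000), (".data", 0x1000, 0x200)], signed=True)
    print(triage(clean))    # upx_packed False, unsigned False
```

Run `triage(open(path, "rb").read())` on a real sample; a packed, unsigned result is what the static1 section reports here. The unsigned verdict is reliable (no blob means no signature), but a populated certificate table still needs a real Authenticode verification before it counts as "signed".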

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 23:44

Reported

2024-10-19 23:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe"

Signatures

Renames multiple (3293) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
(no indicator rows recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\InitializeSkip.DVR.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\HST.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\7-Zip\7-zip32.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
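The "Drops file in Program Files directory" rows above all follow one pattern: the sample writes `<original name>.tmp` next to files of unrelated products (Java, VLC, Firefox, 7-Zip, DVD Maker) and of every file type, which is the write side of the "Renames multiple files with added filename extension" signature. The NLS\Language row is the locale check behind the System Language Discovery signature. The following is an added example (not the sandbox's signature logic, not code from this report) that parses rows in this flattened `Description Indicator Process Target` layout and scores the pattern. The rows it embeds are copied from the table above and re-joined with the process and target columns; the product/extension thresholds and the `(root)`/`(none)` bucket names are assumptions for the demonstration.

```python
"""Triage of the flattened 'Description Indicator Process Target' rows in
the behavioral sections: how many <original>.tmp siblings the process wrote
under Program Files, how many unrelated products and file types they span,
and whether the NLS\\Language key (ATT&CK T1614.001) was read. Added example
code, not the sandbox's own signature logic."""
from collections import Counter

PROGRAM_FILES = "C:\\Program Files\\"

# Process column exactly as it appears in the report.
PROC = (r"C:\Users\Admin\AppData\Local\Temp"
        r"\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe")

# Subset of rows copied from the behavioral1 tables, re-joined with process and target.
SAMPLE_ROWS = [
    r"File created C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp " + PROC + " N/A",
    r"File created C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp " + PROC + " N/A",
    r"File created C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp " + PROC + " N/A",
    r"File created C:\Program Files\7-Zip\Lang\ar.txt.tmp " + PROC + " N/A",
    r"File created C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp " + PROC + " N/A",
    r"File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp " + PROC + " N/A",
    r"File created C:\Program Files\InitializeSkip.DVR.tmp " + PROC + " N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language " + PROC + " N/A",
]


def parse_row(row: str) -> dict:
    """Split one flattened row. Paths contain spaces, so work from the right:
    the last token is Target, the last 'C:\\...' path is Process, the first
    two words are Description and whatever is left is Indicator."""
    body, target = row.rsplit(" ", 1)
    head, proc = body.rsplit(" C:\\", 1)
    desc_a, desc_b, indicator = head.split(" ", 2)
    return {"desc": desc_a + " " + desc_b, "indicator": indicator,
            "process": "C:\\" + proc, "target": target}


def triage(rows, min_siblings: int = 5) -> dict:
    """Summarise the write pattern. min_siblings is a demo threshold
    (assumption); the report itself counted 3293 and 4527 renames."""
    parsed = [parse_row(r) for r in rows]
    tmp_writes = [p for p in parsed
                  if p["desc"] == "File created" and p["indicator"].lower().endswith(".tmp")]
    by_product, by_ext = Counter(), Counter()
    for p in tmp_writes:
        path = p["indicator"]
        rel = path[len(PROGRAM_FILES):] if path.startswith(PROGRAM_FILES) else path
        parts = rel.split("\\")
        # First directory under Program Files = the product whose files were touched.
        by_product[parts[0] if len(parts) > 1 else "(root)"] += 1
        stem = parts[-1][:-4]                     # drop the appended '.tmp'
        by_ext[stem.rsplit(".", 1)[1].lower() if "." in stem else "(none)"] += 1
    # T1614.001: reading the system locale before acting (the value compared is not logged).
    language_check = any(p["desc"] == "Key opened" and
                         p["indicator"].upper().endswith("\\NLS\\LANGUAGE") for p in parsed)
    # Installers and updaters also write .tmp files, but inside their own tree
    # and for a few file types; breadth across products and types is the tell.
    ransomware_like = (len(tmp_writes) >= min_siblings
                       and len(by_product) >= 3 and len(by_ext) >= 3)
    return {"tmp_siblings": len(tmp_writes), "by_product": dict(by_product),
            "original_extensions": dict(by_ext), "language_check": language_check,
            "ransomware_like": ransomware_like}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(key, value)
```

On the seven file rows embedded here the summary already spans seven products and six original extensions; on the full table the counts are what the 3293/4527 figures in the signature titles reflect. The language check only records that the key was opened, not which locale value the sample compared against or what it did on a match, so that part stays an observation rather than a verdict.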

Processes

C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe

"C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe"

Network

N/A

Files

memory/1600-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 381483af361ada9a9c9fd9bfb51251f3
SHA1 0028aedb26b1ea9b3df759af828fb5841f786e3d
SHA256 773a5bf8059006dc69a094b0a42d030e532d25ff287b69beb9377d1bdb2e7a08
SHA512 82e5a31970d21aa01e068760c339bad607b2f3b9ea7f73eb606160da7a061ceb0fb6418715cc88cfca19b586d42e940aeec04da314b5678402b11e0c9558d747

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cf2745ba36a0af3cb8b33ac6edf7a3e8
SHA1 f89012e38ade4202b43ae06ea202052e98a8270d
SHA256 74ae9897872bdab83cdd289d047f5a5140ed9814e5276a8528da0c6a990cf911
SHA512 057a36b49fe88a4bfd070f4332dfbc361ad0fe67850e2ffcdae009187a44595b6930a03496745d3b971722d8b47a4b0bb1bff82fecc1276fc4c7edbd14352b34

memory/1600-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 23:44

Reported

2024-10-19 23:46

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe"

Signatures

Renames multiple (4527) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
(no indicator rows recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\icudtl.dat.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe

"C:\Users\Admin\AppData\Local\Temp\cdfc971bbc3886129e322379c840831d47e318eece5db95f4f4dce42b9063390N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Note: this table has no process column, so none of these connections is attributed to the sample. Reverse (in-addr.arpa) lookups against 8.8.8.8 and HTTPS to tse1.mm.bing.net (a Microsoft/Bing content host) are typical Windows 10 background traffic on a fresh sandbox, and the Windows 7 run recorded no network activity at all. Treat these as host noise rather than command-and-control unless a capture ties them to the sample's process.

Files

memory/3940-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 faf3c082827072848cd8743e0698f59b
SHA1 de3421c9bb1a3ca65fa3266b8d4a94c383a753a7
SHA256 9f45cc78aa55aa451d76744c0f7398f6a8fc74b4f29361a32f84e8e86fb6bc40
SHA512 d778b695bbe7d42d57672546c823f4fb4e9c85fb50d1e9dbbd18e284ef9312b54a6373944bb48a183a4064a1ade6e9f3c2a0f366a164904758c4f9a8db01e8e4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c975d83c77600ad51ffe598220dd82ba
SHA1 94aa31736dda4d5dd3a98cad9322b9713f39b930
SHA256 475596fc87186a2ba68ac74dae410ce10d422d1a7752916f691ad39951fba162
SHA512 dcb98a2a1fc80806bfbec7b08e198243550edec89d5aa53f91eaf52e103bce81fced7912bcf6f8969cc7b9de13b8f3cd15ac7665e491478c5a37c354a601b702

memory/3940-776-0x0000000000400000-0x000000000040B000-memory.dmp