Malware Analysis Report

2025-06-16 00:04

Sample ID 241105-3ywseasbqn
Target fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN
SHA256 fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252fa
Tags
discovery ransomware
score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score 9/10

SHA256 fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252fa

Threat Level: Likely malicious

The file fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3297) files with added filename extension

Renames multiple (4619) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-05 23:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-05 23:55

Reported 2024-11-05 23:57

Platform win7-20240903-en

Max time kernel 120s

Max time network 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe"

Signatures

Renames multiple (3297) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\ConnectProtect.xlsm.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe

"C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 00be2a40302407715565914d2aee1050
SHA1 ad1e8d2173929f10479c867bf47d8d017d7aa2cd
SHA256 f6b531f8cd4c1b22fb63e6904526426ab5ecb5c1badb66442754e124b15f744a
SHA512 704ed32d3f1b0a192b10c6045a8cca51d1289bbba4bfd832ad2bd9612edc1febc155d89c0127eb55db838eefa9912134cbb62255e0bfdae56a06f5c0d4c3d141

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 203e6b242b17670d02f096dcd9579644
SHA1 4239401bdec0831c48d4066090203d96339411a9
SHA256 2181984ba869cb76ffd955433fac1167c1c17e33b59065019c6f0fc39ca0700c
SHA512 9870e295a31fe9438ec4866df6a488eb688161bc45d3e8c465510dcf8401b038018972385b94c01f53a0465a72f7bb1c9d92c80ced5be3927cad65e68e0689eb

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-05 23:55

Reported 2024-11-05 23:57

Platform win10v2004-20241007-en

Max time kernel 120s

Max time network 103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe"

Signatures

Renames multiple (4619) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\123.0.6312.123.manifest.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe

"C:\Users\Admin\AppData\Local\Temp\fbcdb160fda084422638c750c67a0801c46bec238daa6507272e81f90b0252faN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 9e8545d9aa984f71e9ee83c925a09d71
SHA1 741a0344695a8f8e859e8a57b06d63b45be54285
SHA256 e0d29d32f7977cb636c454b20da05bfcef34b7b8422f2f54f1275a0b253bc888
SHA512 059b189809ec400439a96d6e828ecc214fc2469f4f56ff4b13e867b20511c1b362ed7c5a04688d46679b271d327bafebfc1b45044e269f6a9e345feb5ca2a12e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8cf225fd5907cd8c0488947e4b148168
SHA1 d9c58449853c3593ef18aebb4660135ff9aa1e84
SHA256 d31b0a3fd9d6f68d16dd25bf5469b44339d09a0f1300e4b7b5939a7393e49d51
SHA512 8ff11ee538770916131329157c51f87bc97101d296dd3931123e93fcb3ea801c2afe27c490f4a60b300cfc2d3c662a25d51c0fa7f24cdcbbb82b116bdb6214f5