Malware Analysis Report

2024-12-07 09:57

Sample ID 241114-fl4adsvdmc
Target cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe
SHA256 cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad

Threat Level: Likely malicious

The file cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple files with added filename extension (3199 files in the Windows 7 run, 4647 in the Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Techniques corresponding to the signatures in this report:

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (NLS\Language key opened)
T1486 Data Encrypted for Impact (files re-created en masse with an appended extension; tagged ransomware)

Analysis: static1

Detonation Overview

Reported

2024-11-14 04:58

Signatures

UPX packed file

upx
(no indicator, process or target recorded for this signature)

Unsigned PE

(no indicator, process or target recorded for this signature)
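
The static1 run raises two signatures with no indicator rows, UPX packed file and Unsigned PE. The following is an added example, not the sandbox's detection code and not code from the sample's author, showing the two header checks that yield those verdicts: UPX's section names and stub marker, and an empty SECURITY data directory, which is where an embedded Authenticode signature would live. Because the sample's bytes are not on this page, it builds two constructed headers-only PE images as input; their layout is an assumption of the example.

```python
"""Static checks behind the static1 signatures "UPX packed file" and "Unsigned PE".

Added example for this report, not the sandbox's own logic. A stdlib-only PE header
walker reads the section table and the SECURITY data directory. The two images built
by build_pe() at the bottom are constructed headers-only PE files, not the sample.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY


def _u16(buf, off):
    return struct.unpack_from("<H", buf, off)[0]


def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def parse_pe(data):
    """Return the section names and the SECURITY directory (rva, size) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = _u32(data, 0x3C)                       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    n_sections = _u16(data, coff + 2)
    opt_size = _u16(data, coff + 16)
    opt = coff + 20
    magic = _u16(data, opt)
    # Data directories begin 96 bytes into a PE32 optional header, 112 into PE32+.
    dd = opt + (96 if magic == 0x10B else 112)
    entry = dd + SECURITY_DIR_INDEX * 8
    security = (_u32(data, entry), _u32(data, entry + 4))
    sect = opt + opt_size                           # section table follows the optional header
    names = [data[sect + i * 40: sect + i * 40 + 8].rstrip(b"\0") for i in range(n_sections)]
    return {"sections": names, "security_dir": security}


def is_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker in the stub.
    Either is enough to raise the signature; neither proves absence if they were renamed."""
    return bool(UPX_SECTION_NAMES & set(parse_pe(data)["sections"])) or b"UPX!" in data


def has_embedded_signature(data):
    """True when the SECURITY directory points at a WIN_CERTIFICATE blob."""
    rva, size = parse_pe(data)["security_dir"]
    return rva != 0 and size != 0


def build_pe(section_names, security=(0, 0)):
    """Construct a skeletal PE32 image (headers only) for demonstration."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                            # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, *security)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed inputs: a UPX-style layout with no signature, and a normal layout that is signed.
PACKED_UNSIGNED = build_pe([b"UPX0", b"UPX1", b".rsrc"])
PLAIN_SIGNED = build_pe([b".text", b".rdata", b".data"], security=(0x8000, 0x1800))

if __name__ == "__main__":
    for label, img in (("packed", PACKED_UNSIGNED), ("plain", PLAIN_SIGNED)):
        print(label, parse_pe(img)["sections"], is_upx_packed(img), has_embedded_signature(img))
```

A catalog-signed Windows binary also has an empty SECURITY directory, so an empty entry means "no embedded signature", not "unsigned" in the catalog sense; for the real sample confirm with `signtool verify /pa` or `Get-AuthenticodeSignature`, and unpack a copy with `upx -d` before further static work, keeping in mind that a modified stub or renamed sections pass the name check but usually not the marker check.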

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 04:58

Reported

2024-11-14 05:00

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe"

Signatures

Renames multiple (3199) files with added filename extension

ransomware

No indicator rows are attached to this signature. The renamed files appear in the Drops file in Program Files list and under Files below, each as an existing file's full name with .tmp appended (the write-to-temp-then-rename pattern); the final extension the sample applies after encryption is not shown in this report.

UPX packed file

upx
(no indicator, process or target recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Internet Explorer\perf_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Internet Explorer\networkinspection.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A

This key holds the system's default and install locale IDs; ransomware commonly reads it to skip machines in particular locales, which is why the sandbox tags the open as discovery. The report records only the open, not the values read or any branch on them, so treat it as weak supporting evidence rather than proof of a locale check.

Processes

C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe

"C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe"

Network

N/A

Files

memory/2872-0-0x0000000000400000-0x000000000040B000-memory.dmp

(PID 2872, first dump: the mapped image spans 0x400000-0x40B000, 44 KB, which fits a small UPX-packed executable. UPX decompresses in place into the same range, so the later dump of this region listed below is the one to examine for unpacked code.)

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 824801dc827850fb5491c6fcfcccbe48
SHA1 1e7c2bd1030b3621d9407c4dcb6af9fe3b6a5ea7
SHA256 88a2ab0781d0bd7663ce17b0f5d515d16d851e010452dc44b90216545708ea3d
SHA512 f5a8d1553525054a12a2ca763feca717b7b7aa1af376fec79967b00ac494e7f10af677c45c8cc6059728b461699550aab46249f7f5c1b2e36af0104405013b2e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 72c6c5c090fe4322fd46f201906b3170
SHA1 a754430274f52e2ad62d68f50d15924c2cd1f3d7
SHA256 30f7549f7173110889001a0f42e23a260ccacd105672e0d839538312273e9307
SHA512 aea5cb43b89cfa570da934384b06f4305bb0899ec288d76baff5e7db806661b68a38fdd849eb940a2c41edc1350b7a586fe5fb9a4947718ed684d1e61c2a3c87

memory/2872-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 04:58

Reported

2024-11-14 05:00

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe"

Signatures

Renames multiple (4647) files with added filename extension

ransomware

The higher count against the Windows 7 run (3199) tracks the larger file set under Program Files on the Windows 10 image (Microsoft Office, dotnet, JDK 8 in the list below), not a change in behaviour.

UPX packed file

upx
(no indicator, process or target recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jni.h.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A
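
The drop lists of both runs (behavioral1 and behavioral2 above) show the same pattern behind the "Renames multiple (N) files with added filename extension" signature: existing file names re-created with one uniform suffix across many directories. The following is an added example, not the sandbox's rule and not the sample's code, of a detection heuristic for that pattern. EVENTS is a constructed subset of the behavioral1 drop list plus two constructed benign writes by explorer.exe for contrast; the thresholds are assumptions of the example.

```python
"""Heuristic behind "Renames multiple (N) files with added filename extension".

Added example, not the sandbox's rule. It groups file-create events by process and
flags a process that re-creates many existing file names with one uniform appended
suffix across many directories. EVENTS is constructed from the report's drop list
plus a constructed benign writer (CONTROL); the thresholds are assumptions.
"""
from collections import Counter, defaultdict
import ntpath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe"
CONTROL = r"C:\Windows\explorer.exe"   # constructed benign writer, not from the report

EVENTS = [("File created", p, SAMPLE) for p in (
    r"C:\Program Files\Internet Explorer\perf_nt.dll.tmp",
    r"C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp",
    r"C:\Program Files\7-Zip\7zG.exe.tmp",
    r"C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp",
    r"C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp",
    r"C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp",
    r"C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp",
)] + [
    ("File created", r"C:\Users\Admin\Desktop\notes.txt", CONTROL),
    ("File created", r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\notes.lnk", CONTROL),
]


def original_name(path):
    """Strip the appended suffix: 7zG.exe.tmp -> 7zG.exe, Nassau.tmp -> Nassau."""
    return ntpath.basename(ntpath.splitext(path)[0])


def rename_stats(events):
    """Per process: file count, appended-suffix histogram, distinct directories."""
    stats = defaultdict(lambda: {"count": 0, "suffixes": Counter(), "dirs": set()})
    for action, path, proc in events:
        if action != "File created":
            continue
        s = stats[proc]
        s["count"] += 1
        s["suffixes"][ntpath.splitext(path)[1].lower()] += 1
        s["dirs"].add(ntpath.dirname(path).lower())
    return stats


def flag_mass_rename(events, min_files=8, min_dirs=4, dominance=0.9):
    """Flag a process when one appended suffix dominates a large, wide spread of creates."""
    verdicts = {}
    for proc, s in rename_stats(events).items():
        suffix, n = s["suffixes"].most_common(1)[0]
        uniform = n / s["count"] >= dominance
        verdicts[proc] = {
            "files": s["count"],
            "dirs": len(s["dirs"]),
            "suffix": suffix,
            "flag": uniform and s["count"] >= min_files and len(s["dirs"]) >= min_dirs,
        }
    return verdicts


if __name__ == "__main__":
    for proc, v in flag_mass_rename(EVENTS).items():
        state = "FLAG" if v["flag"] else "ok  "
        print(f"{state} {v['files']:>5} files {v['dirs']:>4} dirs {v['suffix']:8} {proc}")
```

The rule keys on rate and spread rather than on a fixed extension, because the sandbox's own count is of renames and this page never shows the final extension the sample applies; on an endpoint the same statistic is taken over rename events (FILE_RENAME_INFORMATION) as well as creates, since a family that renames in place never produces the .tmp creates seen here.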

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe

"C:\Users\Admin\AppData\Local\Temp\cfb413a8906eb5158ce108599a95a2eae63696e5c9251c4f221437b91ec334ad.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
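
Every row above is a reverse (PTR) lookup of an in-addr.arpa name sent to 8.8.8.8; no hostname resolved by the sample appears, and the Windows 7 run of the same sample produced no traffic at all. The following is an added example, not part of the report, that decodes each name back to the IPv4 address being looked up, round-trips it through the standard library's own reverse_pointer so a malformed row cannot pass silently, and classifies the result. The table text is copied from the report; nothing else is assumed.

```python
"""Decode the behavioral2 network table: in-addr.arpa PTR names back to IPv4 addresses.

Added example, not part of the report. NETWORK_TABLE is the report's table verbatim.
"""
import ipaddress

NETWORK_TABLE = """\
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
"""

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ipv4(name):
    """'232.168.11.51.in-addr.arpa' -> IPv4Address('51.11.168.232'): the octets are reversed."""
    if not name.endswith(PTR_SUFFIX):
        raise ValueError(f"not an IPv4 reverse name: {name}")
    octets = name[:-len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four labels: {name}")
    addr = ipaddress.IPv4Address(".".join(reversed(octets)))
    if addr.reverse_pointer != name:          # round-trip check against the stdlib encoder
        raise ValueError(f"reverse name does not round-trip: {name}")
    return addr


def summarize(table):
    """One record per row: resolver, protocol, decoded address, whether it is publicly routable."""
    rows = []
    for line in table.strip().splitlines():
        country, resolver, domain, proto = line.split()
        addr = ptr_to_ipv4(domain)
        rows.append({"country": country, "resolver": resolver, "proto": proto,
                     "address": str(addr), "global": addr.is_global})
    return rows


if __name__ == "__main__":
    for r in summarize(NETWORK_TABLE):
        print(f"{r['address']:>16} via {r['resolver']} {r['proto']} global={r['global']}")
```

All ten decode to public addresses, but the report attaches no process to the queries and shows no forward resolution or connection by the sample, so these belong in the "background noise of the image" bucket until the pcap ties them to PID 2060; do not publish them as indicators on the strength of this table.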

Files

memory/2060-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 2bd1773278fefe7ac28f760d60b70bd7
SHA1 450aadce1084da3b6f1e5aa5f5d686be199bbf56
SHA256 09764576150be3e06fdd07244e478dd97ef3af66cf75f653b1d95a1623c94793
SHA512 f4aad107b1cb4d9f852fd001d3c655df1480af1181ab321d4fb0da5d938dd02bbc95283a3ed5d1c43b7e77e2cde14a7f74cb1882d55fea11ec48843822882e08

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 29f46b6639a417d2b4376d4f4501ab4b
SHA1 ddf5da2178a2f9a132e0436ed659f52466acd018
SHA256 1e224b5c980458a60c1c169a8a90f9adf7bbebf570002035b5c6e505ad5ecab8
SHA512 9dd54d054cb41afad51a0bb4168bbbf9a30731af1a0df50b1c1e3ac8bec31eb03c2535930e15be64ed545aa735cd562693300e2240957c3f5cc3e584c6ca8e58

memory/2060-750-0x0000000000400000-0x000000000040B000-memory.dmp