Malware Analysis Report

2024-12-07 09:59

Sample ID: 241114-gg6qdsymfk
Target: cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe
SHA256: cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95da
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95da

Threat Level: Likely malicious

The file cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx discovery ransomware

Renames multiple (3441) files with added filename extension

Renames multiple (4868) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 05:47

Signatures

UPX packed file

Tags: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 05:47
Reported: 2024-11-14 05:50
Platform: win7-20241010-en
Max time kernel: 150s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe"

Signatures

Renames multiple (3441) files with added filename extension

Tags: ransomware

UPX packed file

Tags: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\firefox.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\offset.ax.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\highDpiImageSwap.js.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe

"C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe"

Network

N/A

Files

memory/1996-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 366ae4892207950ba3d6180b01ffe3d6
SHA1 864642dad0bd0f42e1d23baad4194ecfad444842
SHA256 dc2e8be1db825759f2c1a102f43c68148a701e175cfad5dddb944eec6b131661
SHA512 d479cee906765e2bb8e47ac412a067ad7bdf8682eecba51d3db5933db401a9fe50bf57b6ffed1d11f727af4c6bc24afc4ce0c30ac8d137fb769854c629a6c8df

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 09b7c12acd30132821e4125c336565e3
SHA1 c6fc3f1a6584d7be8c4e871be5590878936b3715
SHA256 31c6577ff76cb98b405b93831f2634d161b917a221287ec74dbd79428564276f
SHA512 9264aa36d4e0e78a02644ff0766f16a651108b31ccd2272d0a40620f44914f005060752b9abb0f2f357766e0cd6ad2ccaa688ae284ccc21752ffb24c90b8aa6e

memory/1996-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 05:47
Reported: 2024-11-14 05:50
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe"

Signatures

Renames multiple (4868) files with added filename extension

Tags: ransomware

UPX packed file

Tags: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ru.pak.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Crashpad\settings.dat.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\lv.pak.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\7-Zip\7zCon.sfx.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\et.pak.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe

"C:\Users\Admin\AppData\Local\Temp\cac5bdca928fdda83f2711a8bc220bdc7bc8dbba371f3c400e7f29392cba95daN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp

Files

memory/384-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 4184a679ff6a81e0e609e243b91af028
SHA1 d1105a10f5dba1dd6c696967a060e9e2818ec71b
SHA256 df84d628510b4acab5a58578b1441c7835691981bd848ad87143e6fb369d4578
SHA512 389f53b51f22a2f4ff3baed9dff1bd0c15b434f66ef4655994c5d21a33f016aab3614739509aaf4321e0e7d888c679a56081937d883306248038ff19a3243c57

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9cc6bb018baa9352b6eea8c049d21652
SHA1 4954b17cfd2c7107f1cd35aadcd3586d4fc9a859
SHA256 feed454704e94862b693d9cdf3d74d370a04159bd8a9c24cefa162de7a4e4b6e
SHA512 e6efa41712dde193c0bdd554c6800f623349f97957948757684509a85f3fa3d3d2ccd1425b13f7d5b8a93c5da7fa3c8a39693a68f3a8a17b8eb3176064e64630

memory/384-666-0x0000000000400000-0x000000000040B000-memory.dmp