Malware Analysis Report

2025-01-03 08:31

Sample ID 240611-avt57awhqb
Target 8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2
SHA256 8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2

Threat Level: Likely malicious

The file 8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3506) files with added filename extension

Renames multiple (1209) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:32

Reported

2024-06-11 00:34

Platform

win7-20240508-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2.exe"

Signatures

Renames multiple (3506) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2.exe

"C:\Users\Admin\AppData\Local\Temp\8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:32

Reported

2024-06-11 00:35

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2.exe"

Signatures

Renames multiple (1209) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2.exe

"C:\Users\Admin\AppData\Local\Temp\8ecd45f5fcfc42bb792573a2dc89c375edba7c0594b361fded1a6b2346c2bcf2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4468 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp


C:\libsmartscreen.dll.tmp
