Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-dn95lssbje
Target ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9
SHA256 ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9

Threat Level: Likely malicious

The file ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3490) files with added filename extension

Renames multiple (5322) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:10

Reported

2024-06-11 03:13

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe"

Signatures

Renames multiple (3490) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\bin\libxslt.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Mozilla Firefox\nss3.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\7-Zip\Lang\tt.txt.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe

"C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 06128780056d43ef5dbde14d0f77485b
SHA1 64d5d91d841b8d39d9008885f0a346a2eb7c02a7
SHA256 6fd0f7271843ecb1e0e4e7045db387d4a500b63927a658ce58ee41d22ebb0be5
SHA512 13461895b0d1345ea296f7d5a7e130469a082401a8033a69fd96bcf30f3fede2217a3326e035fb8380c034690d44a8d025d4d0e8063c4a1ffe0da50d2d3a819e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0e8dfef35866c0698e46ece5f6837057
SHA1 0e736ba571d0544b2fdb9dac28457c18795707ce
SHA256 f7dad8efed0f12f7e28241ea6d1a59e8d10eb36eaee294ba6488958849f0768e
SHA512 b7cde0ece13259d2f43fcb60c08aa172dff0bc07a57f04ec38f55886e2114bc6e4291a2e0df25c1d49418d364e4451760bb4e8bf9a2d1adb07968465ccc8beb8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:10

Reported

2024-06-11 03:13

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

58s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe"

Signatures

Renames multiple (5322) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.EXCEL.16.1033.hxn.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARAIT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe

"C:\Users\Admin\AppData\Local\Temp\ca4023f14af64c95fa70da158ad5debf7b6b1ae1bb9cd47343fac47b7391dee9.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 31eafd25360e6109237f9c30e1ababd9
SHA1 645f8b5d219fc5c054c3a334b4cfb89c2b52798b
SHA256 58511c6e5d3512995f21b1febfd29c7f5e71c29ab6784a32e0d3f2990ad80d42
SHA512 59520e3f050122cc09b56d532aef80d9608d5b9462c134e7402a7ef9dd0f1197f335401c5c3a33011321529172974796123c4845bef016b560a51d42f946797e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4e034a2979614788e016d70fc98e39df
SHA1 4876a4c63109994af0ac1ae3d658a2d4d6eeb443
SHA256 2791062edbff3428f506fe86e2a7dd7d542c9b89619c93859b0a78eccfbd3542
SHA512 41b3f5a7de164c83346d853229d66a5b3fd997caa7a85745eefbb9d456e7be1cbb1c533a6985f80d0270891791160c2aaeabc3e79fce834e9f4fe585ce552f4a