Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-ense8svbjd
Target cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5
SHA256 cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5

Threat Level: Likely malicious

The file cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (558) files with added filename extension

Renames multiple (4721) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:05

Reported

2024-06-14 04:08

Platform

win7-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe"

Signatures

Renames multiple (558) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe

"C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 a81c0cfb245c1222ad89aff34c44cd50
SHA1 6feda5ae80d094ad9fcf5d035baf15d6c24e8c11
SHA256 5575856595c19359d5cc07536c7499c9d1492c25300214a457bb70507cd67fbe
SHA512 79d29cfaab1d34c7d236abefb08bd6bd7068559def031f0ff9001f508b08c2dc9308ff0c6dcf90b4ad6a5e2c0a532418e0388c531bf4c22dbb0f67510b33c104

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f94f97bbf4e631c26685f8dc2a574075
SHA1 bdcf5eb5d336ad27ff5a8ba11f71c3d138a93a4f
SHA256 4ae67a428ef0ce99c8714018ae2edecd28fdce2617d72e5d62eab3dbd4f18c2c
SHA512 f73650456ae43ac9aee1dfcf30b83d0043bb9a2cb3c147220b3b5b46d23f8bfd8fff78bf54c53e9417676024c7fa7c5b3d1b9dd4e981c0be7f4a2cacbca28600

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:05

Reported

2024-06-14 04:08

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe"

Signatures

Renames multiple (4721) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe

"C:\Users\Admin\AppData\Local\Temp\cc80860ec89050bc15f5f44cc18884bebe10d6fec1ddc5cf883be979bf367ff5.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 102.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 1bbcc4a35f5edfaa8d0bc3a9013c5bb8
SHA1 f9afed9fbbe2a4265b0345ba5daa7371c072258f
SHA256 2106dd30cabe96787f7fe4a016ab4308216b3ae79495c4459f0d9bd57638d44f
SHA512 a237d9eff9cf7d5091ae9ee0a35842791dd1aff08860a554a8887e0558a551800cafbc938914f966c6421fcb98654443e163a8d483f4985855446fc3af3ccb6f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d63d7092fed81ec8ed7fd985047bf652
SHA1 51d8f9d2899a69f261d1bcd06618c2f283560bb5
SHA256 9f0f35487f6e0465b7c0b7bae25c7771f6005eb80ee493df3876aeabc61dbff0
SHA512 2cf7ff162c0878742a5d2f84440bf8c5410d5abff60f7ec94ca109fba0e2d35f7fdf66b27bbeca44b1a877a21d561c6012e22a1350a0e9432b45366e1608106b