Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-ep213avbmg
Target cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32
SHA256 cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10
SHA256: cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32
Threat Level: Likely malicious

The file cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32 was found to be: Likely malicious.

Malicious Activity Summary

ransomware
Renames multiple (3595) files with added filename extension (behavioral1, Windows 7)
Renames multiple (5277) files with added filename extension (behavioral2, Windows 10)
Drops file in Program Files directory
Unsigned PE

Every indicator row in both behavioral runs is a "File created" event for a file named <original file name>.tmp (for example atl.dll.tmp, License.txt.tmp) under Program Files or Program Files (x86), created by the sample process itself. The report does not record the extension the renamed files finally receive, any ransom note, or any network activity beyond a single reverse-DNS query in the Windows 10 run.
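The two file-system signatures above ("Renames multiple files with added filename extension" and "Drops file in Program Files directory") can be re-derived from the report's own indicator rows. The script below is an added example written for this page, not code from the report or from the sandbox that produced it: it parses rows in the report's "File created <indicator> <process> <target>" layout (twelve rows copied from the behavioral1 table), groups created files by process, and flags a process that creates many files sharing one trailing extension across many directories, reporting how many of those names still carry an inner extension (the added-extension pattern, e.g. atl.dll.tmp) and how many land under Program Files. The two msiexec.exe rows, the thresholds, and the dataclass field names are assumptions made for the example.

```python
"""Added example: derive mass-rename / Program Files-drop findings from the
report's "File created" rows. Not code from the report or the sandbox."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample process exactly as printed in the report.
SAMPLE_PROC = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
               "cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe")

# Twelve indicator rows copied from the behavioral1 (Windows 7) table.
REPORT_ROWS = [
    rf"File created C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\7-Zip\Lang\ms.txt.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\7-Zip\License.txt.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\SaveStart.mhtml.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp {SAMPLE_PROC} N/A",
    rf"File created C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp {SAMPLE_PROC} N/A",
]
# Constructed benign rows (not in the report): an installer writing two files.
BENIGN_ROWS = [
    r"File created C:\Program Files\7-Zip\7z.dll C:\Windows\System32\msiexec.exe N/A",
    r"File created C:\Users\Admin\AppData\Local\Temp\MSI1234.tmp C:\Windows\System32\msiexec.exe N/A",
]


@dataclass(frozen=True)
class Event:
    action: str
    path: str
    process: str
    target: str


def parse_row(line: str) -> Event:
    """Parse one row in the report's layout. Both paths contain spaces, so the
    split is on the drive-letter boundary ' C:\\' (assumes both are on C:)."""
    action, indicator, rest = line.split(" C:\\", 2)
    process, target = rest.rsplit(" ", 1)
    return Event(action, "C:\\" + indicator, "C:\\" + process, target)


def in_program_files(path: str) -> bool:
    parts = PureWindowsPath(path).parts
    return len(parts) > 1 and parts[1].lower() in ("program files", "program files (x86)")


def has_added_extension(path: str) -> bool:
    """'atl.dll.tmp' keeps the original name and extension under the new one;
    'Yakutsk.tmp' does not, because the original had no extension."""
    return len(PureWindowsPath(path).suffixes) >= 2


@dataclass
class Finding:
    process: str
    extension: str      # dominant trailing extension of the created files
    files: int          # created files carrying that extension
    directories: int    # distinct parent directories among them
    added_ext: int      # of which still carry an inner extension
    program_files: int  # of which are under Program Files / Program Files (x86)


def analyze(events, min_files: int = 10, min_dirs: int = 5) -> list:
    """Flag any process that creates >= min_files files with one shared trailing
    extension spread over >= min_dirs directories. Thresholds are illustrative;
    a deployed rule would also bound the time window."""
    created = defaultdict(list)
    for ev in events:
        if ev.action == "File created":
            created[ev.process].append(ev.path)
    findings = []
    for proc, paths in created.items():
        ext, count = Counter(PureWindowsPath(p).suffix.lower() for p in paths).most_common(1)[0]
        hits = [p for p in paths if PureWindowsPath(p).suffix.lower() == ext]
        dirs = {str(PureWindowsPath(p).parent).lower() for p in hits}
        if count >= min_files and len(dirs) >= min_dirs:
            findings.append(Finding(proc, ext, count, len(dirs),
                                    sum(map(has_added_extension, hits)),
                                    sum(map(in_program_files, hits))))
    return findings


EVENTS = [parse_row(r) for r in REPORT_ROWS + BENIGN_ROWS]

if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
```

Run as a script it prints one Finding for the sample process (12 .tmp files across 12 directories, 10 of them with an inner extension, all 12 under Program Files) and nothing for msiexec.exe, which wrote only two files. In a live detection the counts would be taken over a sliding time window and per session, with thresholds tuned against installer and updater baselines; the split on " C:\" is specific to this report's row layout.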

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 04:07

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 04:07
Reported: 2024-06-14 04:10
Platform: win7-20240611-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe"

Signatures

Renames multiple (3595) files with added filename extension

ransomware

Drops file in Program Files directory

Description   Indicator   Process   Target
Every row below has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe and Target N/A; the Indicator column (path of the created .tmp file) is listed one per line (64 rows shown):
C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp
C:\Program Files\7-Zip\Lang\ms.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.tmp
C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp
C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp
C:\Program Files\Java\jre7\lib\zi\MST.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp
C:\Program Files\7-Zip\License.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp
C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp
C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp
C:\Program Files\SaveStart.mhtml.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp
C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp
C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe

"C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 121d86a38f0118923fd846b8f1f11e79
SHA1 52f8019a55c57df63d37523678db0a867c8d7e3c
SHA256 a22c1142ad4b42113a4598341c1586e0cd6d20933bb2417c4559694262a726e5
SHA512 1a849ff7bddba2f45b480969640d0cb0199ec8ca7801b87afeccdbdb48d848e9af567ece50846af479ee6046722e5e9618300dd41a56c935a1b54a88c2a375a6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e08db42ef150b8c9807dad730d9c1d80
SHA1 15e164f7f7a7bc0a6fb6a0c6fe05af79cf759ed1
SHA256 61758cef5d875bb88492c39c58b1741cd8f5c2fc23022cd882a56fe103842c89
SHA512 0eecc5bd0c5780380ee90002949adb088012f94f7cd717ce128d41ec013c363b6f842c32f19772c41303a8eb03c30fd6e41dc907629e813b762627feb9761d0b

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 04:07
Reported: 2024-06-14 04:10
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe"

Signatures

Renames multiple (5277) files with added filename extension

ransomware

Drops file in Program Files directory

Description   Indicator   Process   Target
Every row below has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe and Target N/A; the Indicator column (path of the created .tmp file) is listed one per line (64 rows shown):
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp
C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSI.TTF.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp
C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\sa.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\LICENSE.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp
C:\Program Files\7-Zip\Uninstall.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\si.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe

"C:\Users\Admin\AppData\Local\Temp\cca71a7eda4fe2adb6c3a41760dfa8bf43669f3585fefd76c651ad64daeb7a32.exe"

Network

Country   Destination   Domain                  Proto
US        8.8.8.8:53    8.8.8.8.in-addr.arpa    udp

The only network activity recorded is a reverse-DNS (PTR) query for 8.8.8.8, sent to 8.8.8.8:53 over UDP; no command-and-control contact or payload download was observed within the 51s network window, and the Windows 7 run recorded no network activity at all.

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 62876bb65d1ecbdc97dc16b763c45a77
SHA1 30c0804c94987d003af638274585a995d346154b
SHA256 b2a5f0e03ce35fd26a3c248b9802b707289ad00db4d9d2ee3722617b2db7c6fc
SHA512 6896511f6de44b67762fea5671a58dfdbb492a3c71d6d54009c0ddb53f18c7f150bbf9384cbeae3a4d5d2146d253b7b6abf4c430e354b15cf38e50e91d4df44b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4f3d48ca28770dbcb333964eee1e445b
SHA1 ac7db119abf3ecf61f64c18ca2b9c0dbe95610cc
SHA256 a7248250105cbbe93452458e77f68d5cda3c16ac4a6b9dc159c3cd4f052c3750
SHA512 9bab0082aafc1fd725542f1d6528c5919f9e7a6f9f96efd58f0c5af6199b97d707413ef205246d3a56460d8bbe795dd2fa6d95973d472680146524bf86b4cc56