Malware Analysis Report

2024-09-23 04:30

Sample ID: 240614-eqhc2sycrj
Target: cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e
SHA256: cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e

Threat Level: Likely malicious

The file cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4866) files with added filename extension

Renames multiple (3433) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:08

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:08

Reported

2024-06-14 04:11

Platform

win7-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ca.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\javafx.properties.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ga.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\7-Zip\descript.ion.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe

"C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 77daceb060fbf5908a907ec8e4f324c4
SHA1 c608194ceaaaba1f54426b7e64e8f5212127a464
SHA256 a13079d575000527ec012a8a6f7f08040b1676807a78d031d42af12a7a971914
SHA512 a427dedf1ef1faf5a644fe91d9406932905141f2243230bcd19c1edcd43e1f6966f22d9eedfce0d79b45aa87aa3a18b24e8a7c2d296533eed1a2c863ad6d1623

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d53775eeaf450baeac783aa119c3048d
SHA1 afaacea44042767196971423e80ad4477fc3f9fd
SHA256 6a1e3e62429ad6e6f6370b5a755bd402783028c472e49ff2c4e7d6fa5731f813
SHA512 548558db653067cd7f017413730ad2afc45c7783355dec52b349ac8b2142b00336a98907e20eb5ec2996b1eb8b525f4e45a27356bc6dbdfe867266d5d756aa63

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:08

Reported

2024-06-14 04:11

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe"

Signatures

Renames multiple (4866) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\7-Zip\Lang\lt.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe

"C:\Users\Admin\AppData\Local\Temp\cd1724da06d3def9258e7e40f4e92ecc7cd1750f0cb5d21abeb971dbdd2b035e.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4452,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 13.107.21.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
IE | 52.111.236.22:443 | | tcp
US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 c01d34c36ee62c90cd22dd951d969d07
SHA1 719d15f6d44e74ee6ffe98952e301b59b5ac0868
SHA256 94ed3ddce94de9fd1fcc4a4e0e5d5d0f5c402dce5ea379a60b52e0be9f9fd696
SHA512 91a086c9d6998028fb2d40761d0f3cb3562c9fc83f82913d0256c80376a0cf7182a1c5930dbd54c83367b13882929784f38f3d67a3364876e340a68bba8eaaec

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 bd9c8c2a463be9798066a7b3a0bcd78a
SHA1 56a96f3cc43f26e8cc1d5f9761110deec87b8bbc
SHA256 c9facf568770fb772a6d0e869c34b0da3b5c9ed9ec6bbbf7ac252fe244e25b68
SHA512 bf55c7c0a9cb3bdc31891151f95be045b6cf708d09fb4ccf482bf893c414083dd89bc3a58583ffd3dcce307114e2d47cd93411bca2490f6f43619b506da4cf52