Malware Analysis Report

2025-01-03 08:28

Sample ID 240617-cg7v8stdjq
Target c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd
SHA256 c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd

Threat Level: Likely malicious

The file c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3537) files with added filename extension

Renames multiple (5059) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 02:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 02:03

Reported

2024-06-17 02:06

Platform

win7-20240508-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe"

Signatures

Renames multiple (3537) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsink.ax.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe

"C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 b40809c379fae5953a8c7e4eb2d90aab
SHA1 ec5e081ae7ce38d3e580c68eada97210ca34431a
SHA256 c9ebd67087379a8b6befff194037f9d73a815df37fbd6ae3b0e231a96754f9d9
SHA512 db4ac938c782a997564ea92816ed9554011f49dc50562ea2bf5061f0103a25d19ae5b076e5651c4c48e1e4f42c7d0af9172e4bd25fc351092c54ee16483909c8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5ea823dd382f1ccdf0ca7e2f8592a77c
SHA1 9cd251fc895eb9cf269e9051dc153a2a397aa619
SHA256 d649aaab3a5cecf47571936045ad03574b6cb51a95542d8f1e7d82a35ac98b95
SHA512 e30b2598bec1c11ea30b828247c278cc2455496260b96038af99dc97f9021137acde28fe383a1cbcdf568de4db95489d6098ee8306c15d8e1c337f9dddaf1d28

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 02:03

Reported

2024-06-17 02:06

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe"

Signatures

Renames multiple (5059) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\7-Zip\Lang\lt.txt.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\VCRUNTIME140_APP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe

"C:\Users\Admin\AppData\Local\Temp\c533619fc730afa6ea6aab118c9ae991e3db6a735d9517380c703ce2194c68fd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 4c16b537867337e90dd059ae63570654
SHA1 a7e9d5ea7dc3c53658e52513509d6b0f68f5dadf
SHA256 49bdf15a19da903ddff47d0ac16370d18c5d66621b3b27f71e4ee62be93b9079
SHA512 bc217ed4d4d8f9b187cea4c26c79b2a10981fd1916cf3d14883e342945fb8d6ce0df803f41951d6cd4b8ba3e8b3f74d108e32224203d7dcf45f9e70362b75d64

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e0f888427bf3122e347c2d8897fa4cd3
SHA1 e26aa1b8373db46c95ebc4793f8d9fd93a1fc791
SHA256 0b4f99f1bbf2cfaee0ca70c5c53dc6e583dcb4faef3137895100fb926abb2335
SHA512 20b0224a67d7f11eccd7cd6e2034b2c32a1652ee555abedb32546cf4e1a14362c2de5df393258891a0cb708b6e1d66d55ed7b5a3931b1b0da0b6bac002d4d75f