Malware Analysis Report

2025-01-03 08:28

Sample ID 240617-csentsthjq
Target cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927
SHA256 cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927

Threat Level: Likely malicious (score 9/10)

The file cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927 was classified as likely malicious on the strength of the behavioural signatures listed below; the static pass produced only the "Unsigned PE" finding.

Malicious Activity Summary

ransomware

Renames multiple (3437) files with added filename extension (behavioral1, Windows 7 image)

Renames multiple (4984) files with added filename extension (behavioral2, Windows 10 image)

Drops file in Program Files directory (both behavioural runs)

Unsigned PE (static1)
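
The two behavioural signatures above are counters over the sandbox's file-event stream: renames that keep the original name and only append an extension, and file creations under C:\Program Files. The Python below is an added example, not the sandbox vendor's detection code, that re-derives both from a constructed pipe-delimited event log. The log format, the process names, the ".locked" extension and the rename threshold are assumptions for illustration, not observations from this sample.

```python
"""Re-derive the report's two behavioural signatures from file-event logs.
Added example, not the sandbox's own detection code. The input format, the
sample log, the ".locked" extension and the threshold are all assumptions."""
from collections import defaultdict
import ntpath

# Constructed log, one event per line: create|path|process  or
# rename|old_path|new_path|process. Nothing here is taken from the sample.
SAMPLE_LOG = """\
create|C:\\Program Files\\7-Zip\\7-zip.dll.tmp|sample.exe
create|C:\\Program Files\\Java\\jre-1.8\\bin\\javafx_iio.dll.tmp|sample.exe
rename|C:\\Program Files\\7-Zip\\7-zip.dll|C:\\Program Files\\7-Zip\\7-zip.dll.locked|sample.exe
rename|C:\\Users\\Admin\\Documents\\q1.xlsx|C:\\Users\\Admin\\Documents\\q1.xlsx.locked|sample.exe
rename|C:\\Users\\Admin\\Documents\\notes.txt|C:\\Users\\Admin\\Documents\\notes.txt.locked|sample.exe
rename|C:\\Users\\Admin\\Documents\\draft.docx|C:\\Users\\Admin\\Documents\\final.docx|winword.exe
create|C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.bin|chrome.exe
"""


def parse_events(log):
    """Return (op, path, new_path_or_None, process) tuples; reject malformed lines."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if parts[0] == "create" and len(parts) == 3:
            events.append(("create", parts[1], None, parts[2]))
        elif parts[0] == "rename" and len(parts) == 4:
            events.append(("rename", parts[1], parts[2], parts[3]))
        else:
            raise ValueError(f"malformed event line: {line!r}")
    return events


def is_added_extension(old, new):
    """True when the rename keeps directory and original name and only appends
    '.<something>' (q1.xlsx -> q1.xlsx.locked); draft.docx -> final.docx is not."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    return (old_dir.lower() == new_dir.lower()
            and new_name.lower().startswith(old_name.lower() + ".")
            and len(new_name) > len(old_name) + 1)


def is_program_files(path):
    # Also matches "C:\Program Files (x86)", which is intended.
    return path.lower().startswith("c:\\program files")


def summarize(events):
    """Per-process counters behind the two signatures (every process that
    produced an event gets an entry, even if both counters stay at zero)."""
    stats = defaultdict(lambda: {"renames_added_ext": 0, "program_files_drops": 0})
    for op, path, new, proc in events:
        s = stats[proc]
        if op == "create" and is_program_files(path):
            s["program_files_drops"] += 1
        elif op == "rename" and is_added_extension(path, new):
            s["renames_added_ext"] += 1
    return dict(stats)


def fire_signatures(stats, rename_threshold=3):
    """Map process -> list of signature names. The rename threshold is an
    assumption; the sandbox's own cut-off is not published in the report."""
    hits = {}
    for proc, s in stats.items():
        names = []
        if s["renames_added_ext"] >= rename_threshold:
            names.append(f"Renames multiple ({s['renames_added_ext']}) files "
                         "with added filename extension")
        if s["program_files_drops"] > 0:
            names.append("Drops file in Program Files directory")
        if names:
            hits[proc] = names
    return hits


if __name__ == "__main__":
    for proc, sigs in fire_signatures(summarize(parse_events(SAMPLE_LOG))).items():
        print(proc, sigs)
```

Only the sample process trips both signatures on the constructed log; the ordinary "save as" rename from winword.exe is ignored because the base name changes, and the Temp-directory write from chrome.exe is outside Program Files. Against the real counts in this report (3437 and 4984 renames in a 150-second run) any sane threshold fires, which is why the rename signature, not the Program Files drop on its own, carries the ransomware verdict.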

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 02:20

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
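
The only static finding is "Unsigned PE". That signature amounts to checking whether the image carries an embedded Authenticode signature, i.e. whether the security data directory (index 4 of the optional header's data directories) points at a WIN_CERTIFICATE blob. The Python below is an added example, not the sandbox's code; it builds constructed headers-only PE32 and PE32+ images to exercise the check, and nothing in it is derived from this sample's bytes.

```python
"""Reproduce the static "Unsigned PE" check: does the image carry an embedded
Authenticode signature, i.e. a non-empty IMAGE_DIRECTORY_ENTRY_SECURITY
(data directory index 4)? Added example, not the sandbox's code. Header
presence only: it does not validate the PKCS#7 blob."""
import struct
import sys

SECURITY_DIR_INDEX = 4


def has_embedded_signature(data: bytes) -> bool:
    def rd(fmt, off):
        if off < 0 or off + struct.calcsize(fmt) > len(data):
            raise ValueError("truncated PE headers")
        return struct.unpack_from(fmt, data, off)

    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = rd("<I", 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    (size_opt,) = rd("<H", coff + 16)                    # SizeOfOptionalHeader
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    (magic,) = rd("<H", opt)
    if magic == 0x10B:                                   # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                                 # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (n_dirs,) = rd("<I", count_off)                      # NumberOfRvaAndSizes
    entry = dirs_off + 8 * SECURITY_DIR_INDEX
    if n_dirs <= SECURITY_DIR_INDEX or entry + 8 > opt + size_opt:
        return False                                     # directory not present
    # Unlike every other directory, the security entry holds a raw file
    # offset (not an RVA) to a WIN_CERTIFICATE structure.
    off, size = rd("<II", entry)
    return off != 0 and size > 0 and off + size <= len(data)


def fake_win_certificate(payload: bytes) -> bytes:
    """Constructed WIN_CERTIFICATE header (dwLength, wRevision=0x0200,
    wCertificateType=PKCS_SIGNED_DATA) around a placeholder payload."""
    return struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload


def build_minimal_pe(pe32plus: bool, cert: bytes = b"") -> bytes:
    """Constructed headers-only image for testing; not a loadable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 240 if pe32plus else 224                  # 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, size_opt, 0x22)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    count_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, count_off, 16)
    headers_len = len(dos) + 4 + len(coff) + size_opt
    if cert:                                             # cert appended after headers
        struct.pack_into("<II", opt, dirs_off + 8 * SECURITY_DIR_INDEX,
                         headers_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    if len(sys.argv) == 2:                               # check a real file
        with open(sys.argv[1], "rb") as f:
            print("embedded signature present:", has_embedded_signature(f.read()))
    else:                                                # self-demo on constructed images
        blob = fake_win_certificate(b"placeholder, not a real PKCS#7 blob")
        for plus in (False, True):
            print("PE32+" if plus else "PE32 ",
                  has_embedded_signature(build_minimal_pe(plus)),
                  has_embedded_signature(build_minimal_pe(plus, blob)))
```

Pass a path on the command line to check a real file. The check is presence-only: a non-empty security directory says nothing about whether the signature verifies or chains to a trusted root (use signtool verify /pa or osslsigncode verify for that), and a binary signed through a Windows catalog carries no embedded blob and is reported as unsigned here. Read "Unsigned PE" in this report as "no embedded signature", which is a weak signal on its own and only becomes meaningful alongside the behavioural findings.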

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 02:20

Reported

2024-06-17 02:22

Platform

win7-20231129-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe"

Signatures

Renames multiple (3437) files with added filename extension

ransomware

Drops file in Program Files directory

Indicators recorded for "Drops file in Program Files directory" on the Windows 7 image. The Process column is the sample itself in every row, and each indicator is a .tmp file written beside an existing file under C:\Program Files; together with the rename signature this is consistent with an encrypt-to-temporary-file-then-rename loop, although the report does not show the final extension.

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre7\bin\java.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Defender\MSASCui.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe

"C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 aa0b9fcb1970bb8969bacd8ac8edb2b4
SHA1 0ca424745ec1ed63e75a2af2000cf943576801a3
SHA256 9cd6afe7899743e068f1bdc658544ccd82e6e103a5061f6e7ed4f4b5f62a75b4
SHA512 59a6177bae1e247e7d65f730a3df24ad108c10013642c4469d8a10961bc3aba794a16a4ef5b7094f7e7443448276281b43302c8ee4f42fac0ea64dd91ed58074

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2386c27348410e6936038892a599096c
SHA1 96a88369110fb43face92c514fc0f9a9a42cf0d8
SHA256 e3a727bc69390e8abbde39503c8326198f72a705916a4f74c0df84464531e399
SHA512 471da29e0f87f694b4f5890a227d12a01d912c8e614bfa4f6bb6f29de863728136878832e63b724c8b92cc694ac04c306bd2ecfc0115d2dde823bd74dd053110

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 02:20

Reported

2024-06-17 02:22

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe"

Signatures

Renames multiple (4984) files with added filename extension

ransomware

Drops file in Program Files directory

Indicators recorded for "Drops file in Program Files directory" on the Windows 10 image. The Process column is the sample itself in every row. With three exceptions, each indicator is a .tmp file written beside an existing file under C:\Program Files, the same pattern seen on Windows 7; the three rows ending in "[email protected]" are an extraction artifact that replaced part of the original file name, and the original name cannot be recovered from this page.

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadco.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\MergeDisable.vsd.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe

"C:\Users\Admin\AppData\Local\Temp\cc14f5ff7c985f6a9c2960efe0ab11d1b4a2be3af58ddb5154d7217cd1a3e927.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp

The report attributes none of these flows to a process. Reverse (PTR) lookups through 8.8.8.8 and TLS sessions to www.bing.com are consistent with Windows 10 background activity inside the sandbox, and the Windows 7 run (behavioral1) recorded no network traffic at all, so these destinations should not be treated as indicators of compromise for the sample; the behavioural evidence for the ransomware verdict is entirely on the file system.

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 835e5058579a6fd6609645aa98d57968
SHA1 378e5cb6b1209bbb38607cd1c03bbd0be2339795
SHA256 2ea7c857da4787e239bca60b82f1caa0cfae18802d2301b56eed8cf72b93b65b
SHA512 ebb9f07715ce059072399709782844747cac91100e9a7bfa75105f3c3a8575881d8faa4b861d593fac4a6a47804589a4fde7e9206856c998192dd770c850f413

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 62acbedcec27bbdc4193bceb98664ddd
SHA1 2e7bf7922b2ce148d8226b9c2fa2dff67c4f670a
SHA256 f4d6673029ca5cff015548b26f2bb45082e44ccd70f61d2ea88b47e7f4afa420
SHA512 845cf7ccede491214911ab44424a73e51bbf240a7f206a8ce93643c60bc1d9e221acff3d0c55b4f51596b806043f6e4f116871311d8a7a7840cb36ea185eea88