Malware Analysis Report

2025-03-15 08:14

Sample ID 241016-f5clsayfqr
Target ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165
SHA256 ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165

Threat Level: Likely malicious

The file ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165 was assessed as likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3744) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (5045) files with added filename extension (behavioral2, Windows 10 run)

Drops file in Program Files directory (the .tmp staging files listed under each behavioral analysis)

Unsigned PE

System Location Discovery: System Language Discovery (opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)
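The two behaviours behind these signatures, a create-then-rename pass that leaves each victim file with an extra extension (the .tmp staging writes listed under each behavioral analysis) and a read of the NLS\Language registry value, are simple enough to re-implement as a triage heuristic. The Python below is an added example written for this page, not the sandbox's own signature code. It runs over constructed events; the process name sample.exe, the updater used as benign noise and the appended extension .enc are placeholders, since the report does not name the extension this sample appends.

```python
"""Re-implementation, as a triage heuristic, of the two behaviours flagged in this
report: mass create/rename with an appended extension, and reading the
NLS\\Language registry value. Runs over constructed sandbox-style events."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Matches the "Key opened ...\Control\NLS\Language" row in the report.
NLS_LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)
STAGING_SUFFIX = ".tmp"   # the suffix on every "File created" row in the report


def appended_extension(old, new):
    """Return the extra '.ext' if `new` is `old` plus exactly one suffix, else None."""
    if len(new) > len(old) and new[: len(old)].lower() == old.lower():
        suffix = new[len(old):]
        if re.fullmatch(r"\.[A-Za-z0-9_-]{1,16}", suffix):
            return suffix
    return None


def is_staging_write(path):
    """True for '<name>.<ext>.tmp', the write pattern in the report's file rows."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != STAGING_SUFFIX:
        return False
    return PureWindowsPath(p.stem).suffix != ""


def top_dir(path):
    """Drive plus two directory levels, e.g. ('C:\\', 'Program Files', 'Java')."""
    return PureWindowsPath(path).parts[:3]


def assess(events, min_files=20, min_dirs=3):
    """events: iterable of (kind, process, path, target); kind is 'file_created',
    'file_renamed' or 'key_opened'. Returns {process: [signature, ...]}."""
    state = defaultdict(lambda: {"staged": set(), "renamed": Counter(), "lang": False})
    for kind, proc, path, target in events:
        rec = state[proc]
        if kind == "file_created" and is_staging_write(path):
            rec["staged"].add(path)
        elif kind == "file_renamed":
            ext = appended_extension(path, target)
            if ext:
                rec["renamed"][ext.lower()] += 1
        elif kind == "key_opened" and NLS_LANGUAGE_KEY.search(path):
            rec["lang"] = True

    findings = {}
    for proc, rec in state.items():
        hits = []
        dirs = {top_dir(p) for p in rec["staged"]}
        # Breadth matters: an installer writes many .tmp files in one tree,
        # an encryptor writes them everywhere it can reach.
        if len(rec["staged"]) >= min_files and len(dirs) >= min_dirs:
            hits.append(f"Drops {len(rec['staged'])} {STAGING_SUFFIX} files across {len(dirs)} directory trees")
        total = sum(rec["renamed"].values())
        if total >= min_files:
            ext, _ = rec["renamed"].most_common(1)[0]
            hits.append(f"Renames multiple ({total}) files with added filename extension ({ext})")
        if rec["lang"]:
            hits.append("System Location Discovery: System Language Discovery")
        if hits:
            findings[proc] = hits
    return findings


def constructed_events():
    """Constructed sample data (not taken from the report): one encryptor-like
    process touching 30 files in five Program Files subtrees, plus benign noise."""
    mal = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"   # placeholder process name
    roots = ["7-Zip", "Java", "Windows Mail", "VideoLAN", "Common Files"]
    ev = [("key_opened", mal,
           r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "")]
    for i in range(30):
        orig = str(PureWindowsPath(r"C:\Program Files", roots[i % 5], f"sub{i}", f"file{i}.dll"))
        ev.append(("file_created", mal, orig + STAGING_SUFFIX, ""))
        # ".enc" is a placeholder; the report does not name the extension this sample appends.
        ev.append(("file_renamed", mal, orig, orig + ".enc"))
    # Benign noise: an updater writing one .tmp file and rotating one log.
    upd = r"C:\Program Files\Google\Update\GoogleUpdate.exe"   # placeholder
    ev.append(("file_created", upd, r"C:\Program Files\Google\Update\Download\setup.exe.tmp", ""))
    ev.append(("file_renamed", upd, r"C:\ProgramData\Google\update.log", r"C:\ProgramData\Google\update.log.1"))
    return ev


if __name__ == "__main__":
    for proc, hits in assess(constructed_events()).items():
        print(proc)
        for hit in hits:
            print("  -", hit)
```

Two caveats when using this on real telemetry. Files that have no extension of their own (the Java zoneinfo entries such as Asia\Tashkent.tmp in the report) are not counted by is_staging_write, so the thresholds should be set well below the counts the sandbox reports. Reading NLS\Language on its own is a weak signal, because plenty of legitimate software queries it; it only carries weight next to the file-system signatures, which is why it is reported as a discovery tag rather than scored.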

MITRE ATT&CK

Enterprise Matrix V15 (rendered as an interactive matrix on the original page, so no rows survive here). Of the signatures above, the NLS\Language key read is T1614.001 (System Location Discovery: System Language Discovery); the mass rename with an added extension is the ransomware impact behaviour normally mapped to T1486 (Data Encrypted for Impact).

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:26

Reported

2024-10-16 05:29

Platform

win7-20240903-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe"

Signatures

Renames multiple (3744) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
(For every row below the Process is C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe and the Target is N/A; only the Indicator column varies.)
File created C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png.tmp
File created C:\Program Files\7-Zip\Lang\es.txt.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp
File created C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths.tmp
File created C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.HLP.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp
File created C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp
File created C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp
File created C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp
File created C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp
File created C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp
File created C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe

"C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe"

Network

N/A

Files

Dropped files recorded by the sandbox. Both are .tmp staging copies the sample wrote on this particular host, so their hashes identify that run's output rather than the sample itself; the sample's own SHA256 at the top of the report is the indicator to pivot on.

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 7d50aae30c2b06ac8486ba3fff9d74e8
SHA1 45b1a7e23a933ff5970b72ff4b675bdc4879755b
SHA256 955695927528438f1fe71d3a9fb41e23bb0a1d0816e7218c7179b866f18a83ea
SHA512 98981fa5305a7b596b0f66847a77d61f5ea1feef8d95f2461b63d8f7de639d7b4f3b67d12b7f0fe4367b91cadf4dcbac426c753c0b961bd730e77779a7d000f8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f869e1907e5e3d7aab76b156de9ce232
SHA1 1661cf2023c2509c3c5a6dce566b2747ec146bfb
SHA256 3d013371aa5d540058162725c7ef2265c0ed208bcec9e1a26bf6c6ba2700fe72
SHA512 2dbf652f1eb37019a2f90c7d1c753cee89c6e86cc2a538df722637422bd2f35ababc0279a538684d72f1ebbc864f7f922f77c9bc96d53ff15c09ad8b81d7f54d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:26

Reported

2024-10-16 05:29

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe"

Signatures

Renames multiple (5045) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
(For every row below the Process is C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe and the Target is N/A; only the Indicator column varies.)
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp
File created C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxcompiler.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp
File created C:\Program Files\Microsoft Office\root\Office16\Tec.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\icudtl.dat.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
File created C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe

"C:\Users\Admin\AppData\Local\Temp\ccf3c31d31b38c87d0d555fc9318194496a7992aebead7262bb7f0fdcdd10165.exe"

Network

The table below does not attribute any connection to a process. The g.bing.com and tse1.mm.bing.net HTTPS sessions and the in-addr.arpa PTR lookups through 8.8.8.8 are consistent with Windows 10 background activity on the sandbox image (the Windows 7 run above recorded no traffic at all), so treat them as noise rather than command-and-control indicators unless the sample is shown to open the sockets itself.

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 bba9c3ba205ada16bca983f76043e4c5
SHA1 ef370f75f26dcedf5cedde3bdb696d798bc1b3bb
SHA256 dfbec51b9b3416be35d82e3e393cfe34ea2fdd60711e0f4197d37b555b463306
SHA512 31a0021a7a70a9df06a0b114d832282616914f04ad883e518ad7e2ea2a8310c7fe6eff216756cb3a89ab4f816397d6275fc837089112cbc5095d90a847b12bfd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 28b25a4f5bde2d6155612b4cf32b1f9c
SHA1 145526dd17faa690d52eed3e8ae36c4814b0e3bd
SHA256 4803586680acf76b05d765cf63627ed424a71761838351bc83d2bc719a4babab
SHA512 9d9b085ef3f65c9a144ca6c3f70bb95e9fc5679859fcf1ff2d275a043991c815cdadb13cf8d528e8080a047416150ce768e5715f5a4b1ebfd99e99e0a1db30de