Malware Analysis Report

2025-01-03 08:31

Sample ID: 240610-26blrsvejq
Target: 6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f
SHA256: 6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f
Tags: ransomware
Score: 9/10


Analysis Overview

Score: 9/10

SHA256: 6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f

Threat Level: Likely malicious

The file 6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3532) files with added filename extension

Renames multiple (5184) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-10 23:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 23:11

Reported: 2024-06-10 23:13

Platform: win7-20231129-en

Max time kernel: 150s

Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe"

Signatures

Renames multiple (3532) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe

"C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 1f3ed9837c83a3d9c552bbc06f792cb9
SHA1 492ae47e7ea980f04a1f805789389afa1ad1f80f
SHA256 29f8b236c871ee8f01fdb11c1ad9856007e96ad46d3804fc7c2281964ab06367
SHA512 973d3cf62a314a3d45d0a2e7ea7d281c8392dc0d406c403f6bd29b4527a5020f16282a5c7d4cb469ee532e076afacb54f65af01aadda678807417c8a430395c2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2a3d72dfadb9e6484df5ee3b01af69bf
SHA1 cda0ed699276a44807f6885e0d08d60da315a9ba
SHA256 2afae16f53026e52de49ad29f4c5d8dfe12686865568a2f512a9bb4413314abb
SHA512 b997b4300e275a9a79c7919afb9d89994b93736c4fcb59d352810bfc5f786f61934705a03d9696163ee9f4f0f06c575f2989f48d76615a3c91c16e65796d2a27

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 23:11

Reported: 2024-06-10 23:13

Platform: win10v2004-20240426-en

Max time kernel: 150s

Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe"

Signatures

Renames multiple (5184) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe

"C:\Users\Admin\AppData\Local\Temp\6c640ea027f946747e4d5f9af00ecc3208f5a95a4f9b7d4aea0c14b11e22d19f.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

MD5 0c418a35e76fa1036eee0f124889912a
SHA1 f0ed4792afd5d90e97246a62a0dbdf51f51b6ae6
SHA256 33f4f704f9451739049af6d8089a6357f3f9d58cb3cb4739e0ede88a27167e58
SHA512 af14dc8d67b327eee5ec5b2615b57bbcbc3e16a3e98ca98f33ab783b59a91454198f73e5f29497badbed0614be64e200ac14610daa4857afcbce437792155ada

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9bebacebf238e5b8f26297b0bed54316
SHA1 4b10db96164077dda8ded1b0436c51dcd16c57c9
SHA256 8df8115fec07a4d6a2a2b6db39f7ce42db995523380b6be68da9c432cc427677
SHA512 0e2308f96f0fc35d4e838a8f774f6edbb00898b0df3f62b866a666c27abae705181c360f987db77b288de93ec28d57be296700d1917919409f8edde0c54fee58