Malware Analysis Report

2025-01-03 08:32

Sample ID: 240610-276hjavepl
Target: 6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe
SHA256: 6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: 6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe
Threat Level: Likely malicious

The file 6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4086) files with added filename extension (behavioral1, Windows 7 image)

Renames multiple (5270) files with added filename extension (behavioral2, Windows 10 image)

Drops file in Program Files directory

Unsigned PE

The two rename counts come from the two behavioral runs below; they differ because the two sandbox images carry different sets of installed files (Java 7, VLC and Windows gadgets on the Windows 7 image; Office, .NET and Java 8 on the Windows 10 image), not because the sample behaved differently. In both runs every created path listed is an existing file name with .tmp appended (for example javacpl.exe.tmp), so .tmp is the extension the rename signature refers to.

MITRE ATT&CK

N/A (the sandbox mapped no ATT&CK techniques for this sample; the signatures below are the only classification it recorded)

Analysis: static1

Detonation Overview

Reported: 2024-06-10 23:14

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

The static pass produced no indicator rows; its single finding is that the sample PE carries no Authenticode signature.
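
The static signature above records only the absence of an Authenticode signature. As an added example (not part of the sandbox report or its tooling), the Python below reproduces that test without third-party modules: it follows the PE headers to the Attribute Certificate Table entry (data directory index 4) and reports the file as unsigned when that entry is empty. The header offsets are those of the PE/COFF specification; build_minimal_pe() is a constructed, header-only image used only to exercise the check and is not a runnable executable.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Attribute Certificate Table (Authenticode)


def authenticode_directory(data: bytes):
    """Return (file_offset, size) of the Attribute Certificate Table, or None if the
    image carries none. Raises ValueError when the bytes are not a parseable PE."""
    if len(data) < 0x40 or data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    if size_of_optional < 2 or opt + size_of_optional > len(data):
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        n_rva_off, dd_off = opt + 92, opt + 96     # NumberOfRvaAndSizes, DataDirectory[]
    elif magic == PE32PLUS_MAGIC:
        n_rva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if n_rva_off + 4 > opt + size_of_optional:
        raise ValueError("optional header too short for data directories")
    n_rva = struct.unpack_from("<I", data, n_rva_off)[0]
    if n_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None                          # header declares no security entry at all
    entry = dd_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if entry + 8 > opt + size_of_optional:
        raise ValueError("security directory lies outside the optional header")
    offset, size = struct.unpack_from("<II", data, entry)
    if size == 0:
        return None
    # Unlike the other directories, this entry holds a raw file offset, not an RVA.
    if offset + size > len(data):
        raise ValueError("certificate table points past end of file")
    return offset, size


def is_unsigned_pe(data: bytes) -> bool:
    """True when the image has no embedded Authenticode certificate table."""
    return authenticode_directory(data) is None


def build_minimal_pe(cert_size: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed sample for exercising the check: a header-only PE (not executable)
    with 16 data directories and, optionally, a zero-filled certificate table."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    n_dirs = 16
    dd_base = 112 if pe32plus else 96
    opt = bytearray(dd_base + n_dirs * 8)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, dd_base - 4, n_dirs)
    cert_offset = e_lfanew + 4 + 20 + len(opt)   # table appended right after the headers
    if cert_size:
        struct.pack_into("<II", opt, dd_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         cert_offset, cert_size)
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x22)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt) + b"\0" * cert_size


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, "unsigned" if is_unsigned_pe(blob) else "has certificate table")
```

Presence of a certificate table is only the cheap triage test: a file can carry a malformed, expired or revoked signature and still have a non-empty entry. To verify the chain, use signtool or Get-AuthenticodeSignature on Windows, or osslsigncode elsewhere.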

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 23:14
Reported: 2024-06-10 23:16
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe"

Signatures

Renames multiple (4086) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target (columns are space-separated; in every row below the Description is "File created", the Process is the sample itself, C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe, and the Target is N/A, so the Indicator is the created path between "File created" and the process path)
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Journal\NBMapTIP.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Defender\MpCmdRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Media Player\wmplayer.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\JOURNAL.INF.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\THMBNAIL.PNG.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe

"C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe"

Network

N/A (no network activity was recorded in the Windows 7 run)

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 91c3838105dad8d667847f91a56e7cef
SHA1 37c688fdf0d8a7a913cba0433c2df43c10c2c5d7
SHA256 8cc4d2b45aeb298d1273a639e1bf77dd38c585c4111299888c42c9df28c2d93f
SHA512 61a99535bd9eb9e25f942fc0558eae544c3b8f0c1d5bf104cc97819fcb9eb7903000811766e00a3b236e2c24719033eee7920e8b6b731c66da7af22ce4e9933b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c8ace47a9f521e8502d8fb698512dab2
SHA1 b285f4a5155d17ba03b60184a371731c2d2654f0
SHA256 cac0a1c4682ffcfa69ee3944476c1f47a1ac8c519810b48f442a50b12eefe448
SHA512 c573b6f4fbcd098665476deb373166d64bfd3dd7dc10999460eb0811d3e7a89a44463257615670f230dc5c51fdb7360757fe75c914b7cf97d7c1924bab7fc984

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 23:14
Reported: 2024-06-10 23:16
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe"

Signatures

Renames multiple (5270) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target (columns are space-separated; in every row below the Description is "File created", the Process is the sample itself, C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe, and the Target is N/A, so the Indicator is the created path between "File created" and the process path; one file name under Office16\sdxs\FA000000027\assets\Icons\ was lost to an extraction artifact and is left as it appears)
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\currency.data.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Java\jre8\lib\deployment.config.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe N/A
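
This table and the Windows 7 table in behavioral1 show the same pattern: one process, many created paths, each an existing file name with .tmp appended. As an added example (not part of the sandbox or its signature engine), the Python below parses rows in the sandbox's four-column form, derives the appended extension and the directories hit, and applies a heuristic in the spirit of the "Renames multiple files with added filename extension" signature: a single process writing many files under one final extension whose names still carry many different original extensions. The row regex, the assumption that the process path contains no spaces, and the thresholds are mine, not the sandbox's; the sample rows are copied from the two tables.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Indicator rows as the sandbox prints them: "File created <path> <process> <target>".
# The created path may contain spaces; the process path is assumed not to (true for the
# sample's %TEMP% path in this report), so it is matched as a space-free drive path.
ROW = re.compile(r"^File created (?P<target>.+?) (?P<process>[A-Za-z]:\\[^ ]+) (?P<dest>\S+)$")

SAMPLE_PROCESS = (r"C:\Users\Admin\AppData\Local\Temp"
                  r"\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe")

# Constructed input: seven rows copied from the two behavioral tables in this report.
SAMPLE_TARGETS = [
    r"C:\Program Files\7-Zip\Lang\nn.txt.tmp",
    r"C:\Program Files\Java\jre7\bin\javacpl.exe.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp",
    r"C:\Program Files\Windows Defender\MpCmdRun.exe.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp",
    r"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\THMBNAIL.PNG.tmp",
]
SAMPLE_ROWS = "\n".join(f"File created {t} {SAMPLE_PROCESS} N/A" for t in SAMPLE_TARGETS)


def parse_rows(text):
    """Return (process, created_path, target) tuples for each indicator row."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            events.append((m["process"], m["target"], m["dest"]))
    return events


def summarize(events):
    """Per process: count of each final extension, count of (final, original) extension
    pairs, and the top-level directories touched (drive plus two path components)."""
    stats = defaultdict(lambda: {"final_ext": Counter(), "inner_ext": Counter(), "dirs": Counter()})
    for process, path, _ in events:
        p = PureWindowsPath(path)
        s = stats[process]
        final = p.suffix.lower()
        # "javacpl.exe.tmp" -> stem "javacpl.exe" -> inner ".exe"; "GMT.tmp" -> "<none>"
        inner = PureWindowsPath(p.stem).suffix.lower() or "<none>"
        s["final_ext"][final] += 1
        s["inner_ext"][(final, inner)] += 1
        s["dirs"][str(PureWindowsPath(*p.parts[:3]))] += 1
    return stats


def flag_mass_extension_append(events, min_files=50, min_inner_exts=5):
    """Heuristic counterpart of the 'renames multiple files with added filename
    extension' signature. A process is flagged when one final extension dominates
    its writes AND the names under that extension still carry many different
    original extensions (the 'appended' tell). Thresholds are assumptions."""
    hits = []
    for process, s in summarize(events).items():
        ext, n = s["final_ext"].most_common(1)[0]
        originals = {inner for (final, inner) in s["inner_ext"] if final == ext}
        if n >= min_files and len(originals) >= min_inner_exts:
            hits.append((process, ext, n))
    return hits


if __name__ == "__main__":
    import sys
    text = SAMPLE_ROWS if sys.stdin.isatty() else sys.stdin.read()
    ev = parse_rows(text)
    for proc, s in summarize(ev).items():
        print(proc, dict(s["final_ext"]), s["dirs"].most_common(5))
    print("flagged:", flag_mass_extension_append(ev, min_files=5, min_inner_exts=4))
```

Piping the full table into the script (python3 script.py < rows.txt) gives the appended extension, the directory spread and the per-process count the summary line reports; on a live host the same two-part test (one dominant new extension, many distinct original extensions under it) is what separates an encryptor from an installer that also writes hundreds of files under Program Files.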

Processes

C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe

"C:\Users\Admin\AppData\Local\Temp\6e47d141bff0211d7c9568866e9a17ef281e4c3c2897dc60841a83baf4640dfe.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp

All nine rows are reverse (PTR) lookups sent to Google Public DNS (8.8.8.8) for the addresses 20.72.205.209, 199.232.210.172, 40.126.32.133, 192.229.221.95, 52.167.17.97, 40.127.169.103, 13.85.23.206, 2.17.197.249 and 52.111.227.13. No connection to any of those hosts, no forward lookup of a domain and no command-and-control traffic is recorded, and the report does not attribute the queries to the sample process rather than to the Windows 10 image's background services. Treat them as context for the run, not as indicators of the sample.
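
The PTR names above are only useful once turned back into the addresses they ask about. As an added example (not from the sandbox), the Python below parses the Network rows and recovers those addresses; it goes beyond the page by also handling ip6.arpa names, so it works on reports from IPv6-enabled images. The row format assumed is the sandbox's four space-separated columns; the sample rows are copied from the table.

```python
import ipaddress

# Constructed input: the nine Network rows from the behavioral2 run, in the
# sandbox's "Country Destination Domain Proto" form.
SAMPLE_NETWORK = """\
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
"""


def ptr_name_to_ip(name):
    """Turn a reverse-lookup query name back into the address it asks about.
    Handles in-addr.arpa (IPv4, octets reversed) and ip6.arpa (IPv6, nibbles
    reversed); returns None for anything that is not a well-formed PTR name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            return None
        try:
            return ipaddress.IPv4Address(".".join(reversed(octets)))
        except ValueError:          # e.g. an octet above 255
            return None
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
            return None
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    return None


def parse_network(text):
    """Parse sandbox rows; each result carries the resolver contacted and, for PTR
    queries, the address being looked up (the host the query is about, which the
    sample was not observed connecting to)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, query, proto = parts
        host, _, port = dest.rpartition(":")
        rows.append({
            "country": country,
            "resolver": ipaddress.ip_address(host),
            "port": int(port),
            "query": query,
            "proto": proto,
            "ptr_target": ptr_name_to_ip(query),
        })
    return rows


def ptr_targets(text):
    """Addresses named by PTR queries, in report order, ready for WHOIS/ASN pivoting."""
    return [r["ptr_target"] for r in parse_network(text) if r["ptr_target"] is not None]


if __name__ == "__main__":
    for row in parse_network(SAMPLE_NETWORK):
        print(row["query"], "->", row["ptr_target"], "via", row["resolver"])
```

Keep the distinction the parser makes: the resolver is the only host actually contacted, and the recovered addresses are lookup subjects, not peers.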

Files

(The .tmp files below were written during the run. C:\$Recycle.Bin\<SID>\desktop.ini.tmp appears in both behavioral runs with different hashes, so hashes of the written .tmp files are per-run values and not usable as indicators; pivot on the sample's SHA256 and on the ".tmp appended to an existing file name" pattern instead.)

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 63fdc4c8650d4f700fb75ea99932b2a8
SHA1 53271d672ff4078630f407e29bf291eae4fcf4da
SHA256 4962aa7a5947e5d8aa1258498ed2a29817f875bd69040f3d0d5a6c0158673259
SHA512 54f44b70f60b9f6ea734be9abbe1a11108816b7bfb997a2ac91b288aae5cf1ffba6aead289f6179db99808623b496df1819deb1a677497327809746db14325b1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4c2b0b5a63f4743a915665676cdaf0bc
SHA1 7872a13db54a61bc08ceb28c17e3430f738e3923
SHA256 d6f911d67c2cf05365ba0e44ab58e7a2f048766cdd2f68984a01eca9bc6e1eb3
SHA512 fefa5583436ac3f2cfc06e97f5033df408cea21fcb7ec82b58e57aa4fbedbe2930c02faf64166ce08ccc258d5556bd7c0ad478203b6e835a5024b4faea557cb0