Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-2967vavfmr
Target 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa
SHA256 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa

Threat Level: Likely malicious

The file 6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3456) files with added filename extension

Renames multiple (4863) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-10 23:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-10 23:17
Reported 2024-06-10 23:20
Platform win7-20231129-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe"

Signatures

Renames multiple (3456) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe

"C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 64bfde4cac3a00308bded9638147d472
SHA1 e85f017da25e590c70575606c4d437e1e053540b
SHA256 bc5263bef9a85f0e1eb3c689337c3a532a20198bc4f88611871603850201b57e
SHA512 e8fadd50507fff06a1b5234bb619cd8be1a93341e20242edbd805fff1b5b1c587ce8aac63d3aa128ec511781f0a4fce7db47c30bab53e4a28289cf67145a888e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6d5df6935886db07e842160e41861e33
SHA1 909f85d3846f0aa0c56eeb42bcae47b897269224
SHA256 859b693b7c1bc38a157b768c44123e03d9db394b04c828c3399b2d6997c6f99a
SHA512 1e8cd12a3724e590dcb1432fc1257d07b8ff17cfb9754b2e8dc59625d35eb0311b388e985ede4c4508d37d2dd0b2022f2fc6735966a2406cdf2493de18995e8f

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-10 23:17
Reported 2024-06-10 23:20
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe"

Signatures

Renames multiple (4863) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe

"C:\Users\Admin\AppData\Local\Temp\6ffc14ede05cb95f1398382434834254c5eb7856cc72f218177d0f3e20b4adfa.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 3f6116bb5e2382eaaf67af58f36712a3
SHA1 bfc27b225b6538fc9c3b2065d85f91a754d90466
SHA256 5c9df6c449a8000a2b9aa68b3c0a004fa80108e1ed8177c201797ccb27dc5e9a
SHA512 160e79a0a7db63b7539c34c4170d1607bdda9495092f820fb282cc43eefe8764ebb5eded7ccaa1f50700c6ff846457017f790b68d5e22a8066fdb251d36a60a9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2f96aa33274f688519b610adb088deda
SHA1 6d55041d6e55e69a4410b5b2ed52b246fbf4159c
SHA256 25b1c40729a93933ee0fe2de741f46333f794e8a6bd8d7183a06580e5f172f14
SHA512 28c22bf47813024138caf10d452c7dca89662df714e1af3080f9a9608455d6da09a0e4f9665a23a136d6568a2197ed6a6b1b569ee6e90586273131a6764e4306