Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-a2nxraxfrk
Target 927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000
SHA256 927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000

Threat Level: Likely malicious

The file 927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3753) files with added filename extension (behavioral1, Windows 7)

Renames multiple (5010) files with added filename extension (behavioral2, Windows 10)

Drops file in Program Files directory

Unsigned PE
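The two behavioral signatures in this summary describe a pattern that can be re-implemented against any file-activity log: many renames that do nothing but append an extension, plus writes under Program Files by the same process. The Python below is an added example, not the sandbox's detection rule and not code from the report. The event model, the rename threshold of 50, the user-document paths and the ".locked" extension are constructed, because the report records only the resulting counts (3753 and 5010) and never names the final extension; the ".tmp" paths and the process image path are copied from the behavioral1 table further down.

```python
"""Re-implementation of two sandbox signatures over a file-activity log.

Added example; not the sandbox's rule set and not taken from the report.
FileEvent is a constructed, simplified record (operation, process, path,
new_path). The rename events, the threshold and the ".locked" extension are
assumptions; the report does not record the real extension.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    op: str            # "create" or "rename"
    process: str       # image path of the acting process
    path: str          # affected path (source path for renames)
    new_path: str = "" # destination path, renames only


PROGRAM_FILES_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


def is_added_extension_rename(ev):
    """True when a rename only appends one new extension to the old name,
    e.g. a.txt -> a.txt.locked. Replacing the extension (a.txt -> a.md) or
    moving the file to another directory does not count."""
    if ev.op != "rename" or not ev.new_path:
        return False
    old, new = ev.path.lower(), ev.new_path.lower()
    if not new.startswith(old):
        return False
    tail = new[len(old):]
    return len(tail) > 1 and tail[0] == "." and "." not in tail[1:] and "\\" not in tail


def drops_in_program_files(ev):
    """The "Drops file in Program Files directory" condition."""
    return ev.op == "create" and ev.path.lower().startswith(PROGRAM_FILES_ROOTS)


def evaluate(events, rename_threshold=50):
    """Aggregate per process and return the signature strings that fire,
    worded like the report. rename_threshold is an assumed cut-off."""
    renames, pf_drops = Counter(), Counter()
    extensions = defaultdict(Counter)
    for ev in events:
        if is_added_extension_rename(ev):
            renames[ev.process] += 1
            extensions[ev.process][ev.new_path.lower()[len(ev.path):]] += 1
        if drops_in_program_files(ev):
            pf_drops[ev.process] += 1
    findings = {}
    for proc, n in renames.items():
        if n >= rename_threshold:
            ext, _ = extensions[proc].most_common(1)[0]
            findings.setdefault(proc, []).append(
                f"Renames multiple ({n}) files with added filename extension ({ext})")
    for proc, n in pf_drops.items():
        findings.setdefault(proc, []).append(
            f"Drops file in Program Files directory ({n})")
    return findings


# Process image and .tmp paths as listed in the behavioral1 table.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe")
TMP_CREATES = [
    r"C:\Program Files\DVD Maker\rtstreamsource.ax.tmp",
    r"C:\Program Files\7-Zip\Lang\de.txt.tmp",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico.tmp",
]


def build_sample_events(n_user_files=60, ext=".locked"):
    """Constructed event stream: the report's .tmp creates, n_user_files
    appended-extension renames by the sample, and one benign rename by
    another process that replaces the extension instead of adding one."""
    events = [FileEvent("create", SAMPLE, p) for p in TMP_CREATES]
    for i in range(n_user_files):
        src = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append(FileEvent("rename", SAMPLE, src, src + ext))
    events.append(FileEvent("rename", r"C:\Windows\explorer.exe",
                            r"C:\Users\Admin\Desktop\notes.txt",
                            r"C:\Users\Admin\Desktop\notes.md"))
    return events


if __name__ == "__main__":
    for proc, hits in evaluate(build_sample_events()).items():
        print(proc)
        for hit in hits:
            print("   ", hit)
```

Run stand-alone it reports findings for the sample process only; the explorer.exe rename replaces the extension rather than appending one and is not counted. The per-process rename count, the dominant appended extension and the Program Files write count are the three fields worth carrying into a ticket, since installers and updaters also write .tmp files under Program Files but do not mass-rename user documents.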

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:42

Reported

2024-06-11 00:45

Platform

win7-20240508-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe"

Signatures

Renames multiple (3753) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Internet Explorer\perfcore.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\Documentation.url.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\SubmitWait.mpe.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Windows Media Player\wmpenc.exe.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe

"C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 732b458319f59df0e8e91dda8925ba31
SHA1 9d8a1b691f3a05c2def5d2dd2469213e3772bce4
SHA256 804e300c07a20a833bbf8a796786b07ee989ea26f1ee366d680f124968bbeb6a
SHA512 34cb691e4c2bc33c26dc61405bc89795095b3031256a72b681118697dc8d4f0175b8e7195808f326ba2af4be5758b48d373be417a96b2e71bf60687d376e2f47

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 018d69fade3e0efdb9c7e57947d6a458
SHA1 69e207cbff3d6d57d3fa16ab4d8898722b57b915
SHA256 66306d12e3f4dac301f08e0ea21b05ca6c3cd2e05f2c8c8d87319b752f3d8acd
SHA512 0635a527b879f3b1f0908b14b353bd1dec203a1d118361224fecd65b8ef3ab89a40ba885daa8cb6e6a0b576f80021e3a7c57cafaafc5ae6a4418c4fe11224621

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:42

Reported

2024-06-11 00:45

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe"

Signatures

Renames multiple (5010) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk-1.8\jmc.txt.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe

"C:\Users\Admin\AppData\Local\Temp\927ceebedf015542ff6e1bfbf505902a8c5bf2c99685ddfeff9b76d2d2f1e000.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
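Every row in this table is a PTR (reverse) lookup sent to 8.8.8.8: the name in the Domain column is an IPv4 address with its octets reversed under in-addr.arpa, so the hosts actually being named are not visible until the name is decoded. The Python below is an added example, not part of the report: it parses the rows as copied from the table and recovers the addresses. The report has no process column for network events and lists no connections other than these queries, so whether the lookups belong to the sample or to the Windows 10 image's own background traffic cannot be settled from this page; the decoded addresses are what to compare against the sandbox's clean-run baseline.

```python
"""Decode the reverse-DNS queries from the behavioral2 Network table.

Added example, not part of the report. NETWORK_ROWS is copied from the
table above; the parser assumes the whitespace-separated
"Country Destination Domain Proto" layout shown there.
"""
import ipaddress

NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
"""

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name):
    """'209.205.72.20.in-addr.arpa' -> '20.72.205.209'.
    Octets are stored in reverse order; returns None for anything that is
    not a well-formed IPv4 PTR name."""
    n = name.lower().rstrip(".")
    if not n.endswith(PTR_SUFFIX):
        return None
    octets = n[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_rows(text):
    """One dict per table row, with the PTR name decoded where possible."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # header or blank line
        country, dest, qname, proto = parts
        resolver, _, port = dest.rpartition(":")
        rows.append({
            "country": country, "resolver": resolver, "port": int(port),
            "qname": qname, "proto": proto,
            "kind": "PTR" if qname.lower().endswith(PTR_SUFFIX) else "forward",
            "ip": ptr_to_ip(qname),
        })
    return rows


def summarize(rows):
    """Sorted list of addresses that were reverse-resolved, and the list of
    forward (name -> address) queries, which would be the place to look
    for a C2 hostname. For this table the second list is empty."""
    ips = sorted({r["ip"] for r in rows if r["ip"]}, key=ipaddress.IPv4Address)
    forward = [r["qname"] for r in rows if r["kind"] == "forward"]
    return ips, forward


if __name__ == "__main__":
    ips, forward = summarize(parse_rows(NETWORK_ROWS))
    print("reverse-resolved:", ", ".join(ips))
    print("forward queries:", forward or "none")
```

The absence of forward queries is the useful negative: nothing in the capture resolves a hostname, so if this sample has a C2 it was not contacted by name during the 96 s network window. The decoded addresses themselves should be diffed against a detonation of a known-clean file on the same win10v2004-20240426-en image before any of them is treated as an indicator.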

Files

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 c57f279e6b227a253390be161c003837
SHA1 a49bcce445447524e99b626fccc2a1fac5b4a07b
SHA256 dd6797d4c1eb21e92bc6428522896d69c5f07f3da03251afccbeb0dcbdcbc130
SHA512 ce62ea47e210fb6e64db3656199dd45333a5d363f70999fc926b8d5f77163ec7244a9f7cc8c07d128a1fcf23844dc0e1308b8a538fbe4b6b92d829afe480d7ee

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7e5b3dd6d4559272eef3a3b1872c951f
SHA1 605054c2df35d3bbeba824b053c8333584ba2fd6
SHA256 1237d7e9eef5caf83c45ab8ec912eb8aa75955c8a446ef95d312ccb0879d4c2f
SHA512 106263e9ebc08dc3c55e8506ad6ff94f52c37957688e24387e87ff494f9fd47144f746414bb1b0abab47854e1187eab7558c3d5879660fad6acf817c227fbb9f