Malware Analysis Report

2025-01-03 08:34

Sample ID 240611-ar9fpsxcnp
Target 8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e
SHA256 8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e
Tags
ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e

Threat Level: Likely malicious

The file 8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5197) files with added filename extension

Renames multiple (3490) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:27

Reported

2024-06-11 00:30

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e.exe"

Signatures

Renames multiple (3490) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e.exe

"C:\Users\Admin\AppData\Local\Temp\8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 2478f08e35b19790a8b8380041cdf1cb
SHA1 5d643b5365d20d21efc405a952becbac53cc87c4
SHA256 fdad77926153ee6e2b58a9c1cf10bfda79137b455d2809129fd98c219c990ca1
SHA512 40f30bacf2b8d93c2872a6967dd4f112f704293d819365862625d2100684220cff11688edad6656b9eed89c95905bc86d91e3895f0e46dae55aa1df6f8dfd177

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d37659fd8c90d52a2a27b4c9b0ef7d8b
SHA1 89a9e7b07cefd2b0c8698f4393621455b1d93272
SHA256 7c2bf8614adca501e7ad667138de39ae34986fc12ad6078a9dfea704cff18594
SHA512 41bc91df895d32e853f732e44779544df90d0725623dff5e4c842a64c7aefc4ec3f0c7ec7e4a911bd60c492ec82ca369e81e3d1cf05e9851cac1957d34ecbe6d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:27

Reported

2024-06-11 00:30

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e.exe"

Signatures

Renames multiple (5197) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e.exe

"C:\Users\Admin\AppData\Local\Temp\8c6977122211eab1f81c68ab90d650af0ee522ed49de18acea122826d262f41e.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 5f87e82f75750301553837272b2bcc02
SHA1 f3bb985a112495e5ad17a743ca3f130fff3d6e55
SHA256 698f8e946d21fecc1f0261a71567ba0da7edc77155f0349e5accf0706944cd6d
SHA512 136d0cf381576d189ff98487cc970386dfc65d191a7900423a21d3aa89bd49e53d036d552d17642d95b785b1be86510341ceb7f92acebeaf100868bd952b2872

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bdd9f911092468ae747444fcf7615337
SHA1 7208fce40c9be6496f16322836eebfc8012e29e0
SHA256 2651bbbb946ff9a56fe690cd290518fe79ec889fe89a8949af6e12fa0d3e8156
SHA512 157679c6e0b8fedccddc1d1e44d82aa3f0e57d8842b331682171aa45b654aed10316466d25bb9c58a99565ba9cf6c469af3e8b19429cb3f8707b9a55b2705093