Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-dhh4ya1hlh
Target c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862
SHA256 c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10
SHA256 c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862

Threat Level: Likely malicious

The file c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3498) files with added filename extension

Renames multiple (5037) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 03:00

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 03:00
Reported 2024-06-11 03:03
Platform win7-20240221-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe"

Signatures

Renames multiple (3498) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Journal\Templates\blank.jtp.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\7-Zip\Lang\br.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jsdt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\ShowInstall.pcx.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gl.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Mail\MSOERES.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe

"C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 6403de3166f77d7d3c23e20abb6612cc
SHA1 aeba33ca4e6de0e3f1800af05af91e01c3e028a9
SHA256 320e6608dcc1d8fc0beba1a648e6df12ca618012982a23365cd914a7a76bea14
SHA512 bfc7f4181c05624d5964352a45ff051034d905de0de34594ab04bd7e4103efb2002d3219a284c0de19c9505d4503958c1117f29ef36c70e1ea6a1c4374de5a61

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 85eaab33d3ab10a0c23cdbcc399a6f97
SHA1 8e1a3b256581729f6b49539f4e766709097357cf
SHA256 14f4dc45ab82a87852e22a03a064c68a4b5305459c2d8390e3c5ba79ef75e0c7
SHA512 300199ded045e029febe5f398d97dd2fc7337a54121b59b1d671d9ace98cea7699be5140aad612108694b3af085b73b8936e7e43004c6ba92239b1859a1bba75

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 03:00
Reported 2024-06-11 03:02
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe"

Signatures

Renames multiple (5037) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\7-Zip\Lang\eu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\7-Zip\Lang\pa-in.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe

"C:\Users\Admin\AppData\Local\Temp\c6e99f741a3e03a0fe0fcaf51de12dc82fdb0e1e52f8d0ab7503cc3d115ba862.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.160.77.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.110.63.41.in-addr.arpa | udp
US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 6.160.77.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 29c5d8469c86c078aea3c66e72fc3ae3
SHA1 62bddb1001b92f97ce0ed27c0e2c6cc837ed71f8
SHA256 e93af19200b36bc9b8f83d6cd9cc7822ca0f1b04b36b9c9ec7517102e594c9de
SHA512 25b52465f4b97025f81a2ba9612f3b91da11cebe75baf29fe56088cfd6e291e72ee47699801131b0c376228dae98335c63c54618a4980112e52850e55d14a465

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 99ea3b440b0122f3dcffd95b5aad8245
SHA1 991e00b65668c14006fd7830ebef5476d9cb575f
SHA256 56bfe9764461f6bda0a9742dbae3e381846c86cfca2eefe2ea72e7ca77960557
SHA512 00b9c474662c9fd41606a46e0458f8ba8067955de94c7bdfb473e8d341f90109341efabcf9f0adfa4526038e18e6b4e378403a8e53efb705a2e72c72bd289ae7