Malware Analysis Report

2024-09-23 04:29

Sample ID 240614-b9z6es1ble
Target 9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537
SHA256 9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537
Tags
ransomware
Score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
9/10

SHA256

9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537

Threat Level: Likely malicious

The file 9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5198) files with added filename extension

Renames multiple (3442) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:51

Reported

2024-06-14 01:53

Platform

win7-20231129-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537.exe"

Signatures

Renames multiple (3442) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537.exe

"C:\Users\Admin\AppData\Local\Temp\9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 61c72cd2a302ef0755b2805f7506b753
SHA1 b0b6310e2e469b76b4a1c8b17e7271d798b58a7d
SHA256 45f499f8aa63a4c5f9cd6272b97246e828e4012ca068bff8249db2c414713d78
SHA512 7c7d66bd223c18334620ba2db7bdedb359e37751e0c5da9d0a4fb2934b468918cc5a9d1ea3cd88f8d9e824236fcc94724e6c1ff66e01a6cd2a0d11aa9d98b231

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 59404789604b0796fd97baa23eb7b7f9
SHA1 96926a04a65f04de3df89efaa39c9679ae65a0bc
SHA256 9e13c61cbec0c64b47133b9be4d7feb5927edc8a376419d70bdbd07b51c54bdd
SHA512 b810bc34d46eac5a13906f3bec1171489618c92ffdb3e109af629a4af6a70183d57b10965043992f0ebb920d9430ef5631db3bc7ebd65beab6f343ad7c94cb4a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:51

Reported

2024-06-14 01:53

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537.exe

"C:\Users\Admin\AppData\Local\Temp\9c6727aa8946fdc0d017e2b53053e563b4f13ca4e724a444df4f9047d79df537.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 3f441fe026db4702a9f10e0ade970c2c
SHA1 3b5532c82f4e35623805e59e938a1de86e85a18e
SHA256 cb50ff7cff6d9680981381f00b0cc7b6a3c54e428dd4644de4d9aaef186dfb74
SHA512 9b1fea9cd03f560324e7cd57618331c888512af6025d5fc00fa709a7779cf388c6b651c230cc567f70fb72a4a1b79e6687d2c7432a862ba3c1ab27bbbdc52c33

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3b5c163a5357a1c05f5130cf0aa22d6d
SHA1 70880c05aa7ac079b829a05938229285ce3c348a
SHA256 7a67a9b7895b8768e1ddc7d88b130f3f9084a2403c36b5c70da9a22a17536366
SHA512 a61b82b09b648ac5270ca7704f5e69b68618fc54a00bcebe8f4f3c778b84b13aba19e9b1cf0e463040ec3901bf06ae4eb4ca7e317cd23c522a4fda71704bc98b