Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-by9kqatfjl
Target 46d4c21955cb77060118c88dbff5dd90.bin
SHA256 c860c22be43bd97c67ea9d6d42aa727dea17fdcb85e02222a9def154162d5e65
Tags ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 c860c22be43bd97c67ea9d6d42aa727dea17fdcb85e02222a9def154162d5e65

Threat Level: Likely malicious

The file 46d4c21955cb77060118c88dbff5dd90.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4857) files with added filename extension

Renames multiple (3797) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 01:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 01:34

Reported 2024-06-14 01:36

Platform win7-20240508-en

Max time kernel 149s

Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\46d4c21955cb77060118c88dbff5dd90.exe"

Signatures

Renames multiple (3797) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\46d4c21955cb77060118c88dbff5dd90.exe

"C:\Users\Admin\AppData\Local\Temp\46d4c21955cb77060118c88dbff5dd90.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 f33e8aec60eeae6dc0bc32e451ffbe3f
SHA1 939ff72b3b03d90815fa41844be079b0f09d8db6
SHA256 9ab471e925ead12ee3af72cbb2c8538ca07377cfa12da0295d792f550c9fae7e
SHA512 b545fb0bedc538371ff94637844d9ce9f14c803b8a77dc8a75fb55afd4da4b872c41b7fa27bb19783bb131eaa649e0e191e151762a8587ada0e5d831bdc165ee

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 da1c5a71a1658d85630638f8bf0e6d11
SHA1 54fb1f0553573b9e3485f10f1bd6af7bf8f8b39a
SHA256 4e2a77fdd42ce15b7354998a886fd0e6e2090be44acff3cfa0459efea7123e7f
SHA512 43a3bf9c815632f08b3c668482b2686b3f1869a77ed293c27c19d1abd4e550faa726ec12dd01541104db2367ccd745366d96fb291cbb802f12ee78771385085f

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 01:34

Reported 2024-06-14 01:36

Platform win10v2004-20240611-en

Max time kernel 150s

Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\46d4c21955cb77060118c88dbff5dd90.exe"

Signatures

Renames multiple (4857) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\46d4c21955cb77060118c88dbff5dd90.exe

"C:\Users\Admin\AppData\Local\Temp\46d4c21955cb77060118c88dbff5dd90.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 204.201.50.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 ecd5a9f4f73466f677664b2ff3299815
SHA1 2b5352807fc4ddacc6fe2b73a9591d761d916e97
SHA256 bb5a29127e52535234f1e045683bb22c3d8784aea92e8ed0cea0cc83fb2e63c4
SHA512 e03f6587181504727e28e484bcb88e591ce14ac93a4cb46a3e9ba152fe97a08240c93f161b1bdb26cc26255aa3aecaf7dd7b8918e329a8e042f59c05805a9fe7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 668b77e1700c3934a062dac6d5ed21e3
SHA1 c9b90cc5a61d07b1d02e7c27b75889c723af1f55
SHA256 f4ca5a30c5b3b293e64d8300d718cc512a0a836c193655c0db31327af9e54612
SHA512 52a2564151c94cf78413ce3fbb532a779c7138c5a5532a792b0481fff31f4481532ebc330f29ab1753763f32d792732d161540ef263d1372f7e269bcf75805bc