Malware Analysis Report

2025-01-03 08:29

Sample ID 240617-alk6xsvfpf
Target 9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d
SHA256 9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d

Threat Level: Likely malicious

The file 9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4875) files with added filename extension (behavioral2, win10v2004-20240611-en)

Renames multiple (3493) files with added filename extension (behavioral1, win7-20240508-en)

Drops file in Program Files directory (both behavioral runs; every listed indicator is an existing Program Files path with .tmp appended)

Unsigned PE (static1)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
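The "Unsigned PE" signature only says that the sample has no embedded Authenticode certificate table. The following added example (not code from this report or from the sandbox) shows what that check looks like: walk the DOS and NT headers to the optional header's data directories and test whether entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty. Because the verifier runs offline, the example builds a constructed minimal PE32 in memory rather than reading the real sample; pass a path on the command line to classify a real file instead.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode certificate table


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table, or None when the PE
    has no embedded Authenticode data. Raises ValueError on a malformed header.
    The security directory is the one entry whose 'VirtualAddress' field is a raw
    file offset rather than an RVA, so no section mapping is needed."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("missing MZ header")
        e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        # IMAGE_FILE_HEADER follows the 4-byte signature; SizeOfOptionalHeader is at +16
        size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
        opt = e_lfanew + 24  # start of IMAGE_OPTIONAL_HEADER
        magic = struct.unpack_from("<H", pe, opt)[0]
        if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
            n_rva_off, dd_off = opt + 92, opt + 96
        elif magic == 0x20B:  # PE32+: NumberOfRvaAndSizes at +108, directories at +112
            n_rva_off, dd_off = opt + 108, opt + 112
        else:
            raise ValueError("unknown optional header magic 0x%x" % magic)
        n_rva = struct.unpack_from("<I", pe, n_rva_off)[0]
        if n_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY or dd_off + 8 * n_rva > opt + size_opt:
            return None  # header declares too few directories to hold a security entry
        off, size = struct.unpack_from("<II", pe, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    if size == 0:
        return None
    if off + size > len(pe):
        raise ValueError("certificate table extends past end of file")
    return off, size


def classify(pe: bytes) -> str:
    """Same question the sandbox signature asks: is a certificate table present?
    Presence is NOT validity. Chain, hash match and timestamp are checked by
    WinVerifyTrust (signtool verify /pa, or PowerShell Get-AuthenticodeSignature)."""
    entry = security_directory(pe)
    if entry is None:
        return "Unsigned PE"
    return "Signed PE (certificate table: %d bytes at offset %d; validity not checked)" % (entry[1], entry[0])


def build_minimal_pe(cert: bytes = b"") -> bytes:
    """Constructed PE32 image for demonstration: 64-byte DOS header, PE signature,
    file header, 224-byte optional header with 16 data directories, and optionally
    a WIN_CERTIFICATE blob appended at the end. Only the fields read above matter."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 0 sections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=224, chars
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(file_hdr) + len(opt)
    blob = b""
    if cert:
        # WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=0x0002 (PKCS#7)
        blob = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, len(blob))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + blob


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    print(classify(data))
```

A non-empty table is also where the sandbox's own static check stops; for triage of a real sample it is worth remembering that an attacker can carry a revoked, expired or stolen certificate, so a "signed" verdict from a parser like this is only the starting point for validation.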

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:18

Reported

2024-06-17 00:20

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe"

Signatures

Renames multiple (3493) files with added filename extension

ransomware

Drops file in Program Files directory

Description: File created (all 64 rows; the rename count of 3493 above covers far more files than this table lists)
Process: C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe (all rows)
Target: N/A (all rows)
Indicator (existing Program Files paths with .tmp appended):
C:\Program Files\Windows Journal\PDIALOG.exe.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp
C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp
C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp
C:\Program Files\Windows Media Player\wmpnetwk.exe.tmp
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp
C:\Program Files\Common Files\Services\verisign.bmp.tmp
C:\Program Files\Internet Explorer\msdbg2.dll.tmp
C:\Program Files\Windows Journal\jnwmon.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp
C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp
C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp
C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp
C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp
C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp
C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js.tmp
C:\Program Files\7-Zip\Lang\sv.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp
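The two behavioural signatures above ("Renames multiple files with added filename extension" and "Drops file in Program Files directory") are the kind of rule a file-event monitor can reproduce: one process, many distinct existing files rewritten under one extra extension, spread across directories it has no business touching. The following added example (not the sandbox's code) implements that logic over a constructed, tab-separated event log modelled on the rows in this table. It handles the edge case visible above, the Java time-zone files such as Kiev and Havana that had no extension to begin with, by accepting an optional baseline inventory of known file names; without such a baseline a name-only rule cannot tell Kiev.tmp from an ordinary scratch file. The threshold of 5 is for the demonstration only; the sandbox's counts were in the thousands.

```python
import ntpath
import sys
from collections import defaultdict

# Constructed event log for this example (not taken from the report). One event
# per line, tab-separated: seconds, op (create|rename), process, path, and for
# renames the new path. The malicious process mimics the report's behaviour:
# each hit is an existing file written back under an extra ".tmp" extension.
MALWARE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe"
SAMPLE_EVENTS = "\n".join([
    f"0.50\tcreate\t{MALWARE}\tC:\\Program Files\\7-Zip\\Lang\\sv.txt.tmp",
    f"0.52\tcreate\t{MALWARE}\tC:\\Program Files\\Windows Journal\\PDIALOG.exe.tmp",
    f"0.55\tcreate\t{MALWARE}\tC:\\Program Files\\Java\\jre7\\lib\\zi\\Europe\\Kiev.tmp",
    f"0.60\tcreate\t{MALWARE}\tC:\\Program Files\\Mozilla Firefox\\crashreporter.ini.tmp",
    f"0.61\tcreate\t{MALWARE}\tC:\\$Recycle.Bin\\S-1-5-21-1-2-3-1000\\desktop.ini.tmp",
    f"0.70\tcreate\t{MALWARE}\tC:\\Program Files\\7-Zip\\Lang\\de.txt.tmp",
    f"0.80\trename\t{MALWARE}\tC:\\Users\\Admin\\Documents\\report.docx\tC:\\Users\\Admin\\Documents\\report.docx.tmp",
    # benign noise: an installer's scratch file and an editor's backup copy
    "1.20\tcreate\tC:\\Windows\\System32\\msiexec.exe\tC:\\Windows\\Installer\\MSI1234.tmp",
    "1.30\tcreate\tC:\\Program Files\\Notepad++\\notepad++.exe\tC:\\Users\\Admin\\Documents\\notes.txt.bak",
])

# Constructed baseline inventory of pre-existing files that have no extension.
# Without it, "Kiev.tmp" cannot be recognised as "Kiev" plus an added extension.
KNOWN_FILES = frozenset({"C:\\Program Files\\Java\\jre7\\lib\\zi\\Europe\\Kiev"})


def appended_extension(path, known_files=frozenset()):
    """Return (original_path, ext) if `path` is an existing file name with one more
    extension tacked on, else None. Name-only rule: 'a.png.tmp' -> ('a.png', '.tmp').
    Originals that never had an extension only match through `known_files`."""
    directory, name = ntpath.split(path)
    base, ext = ntpath.splitext(name)
    if not ext:
        return None
    original = ntpath.join(directory, base)
    if "." in base or original in known_files:
        return original, ext
    return None


def detect_mass_rename(events, threshold=5, known_files=frozenset()):
    """Per process, count distinct original files rewritten under an appended
    extension (create of <orig>.<ext>, or rename <orig> -> <orig>.<ext>).
    Returns {process: summary} for every process at or above `threshold`."""
    per_proc = defaultdict(lambda: {"files": set(), "dirs": set(), "exts": set(), "ts": []})
    for line in events.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        ts, op, proc, path = float(parts[0]), parts[1], parts[2], parts[3]
        hit = None
        if op == "rename" and len(parts) > 4 and parts[4].startswith(path + "."):
            hit = (path, parts[4][len(path):])
        elif op == "create":
            hit = appended_extension(path, known_files)
        if hit is None:
            continue
        original, ext = hit
        st = per_proc[proc]
        st["files"].add(original)
        st["dirs"].add(ntpath.dirname(original))
        st["exts"].add(ext)
        st["ts"].append(ts)
    report = {}
    for proc, st in per_proc.items():
        if len(st["files"]) < threshold:
            continue
        report[proc] = {
            "files": len(st["files"]),
            "dirs": len(st["dirs"]),
            "exts": sorted(st["exts"]),
            "seconds": max(st["ts"]) - min(st["ts"]),
            # the second signature: did it reach into Program Files at all?
            "program_files": any(p.lower().startswith("c:\\program files") for p in st["files"]),
        }
    return report


if __name__ == "__main__":
    log = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EVENTS
    for proc, summary in detect_mass_rename(log, known_files=KNOWN_FILES).items():
        print(proc, summary)
```

Distinct originals rather than raw events is the right unit to count: a process that rewrites one file a hundred times is a different problem from one that touches a hundred files once, and the directory spread plus the Program Files flag is what separates this sample from an installer writing scratch files into its own tree.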

Processes

C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe

"C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe"

Network

N/A

Files

The files below are .tmp outputs written by the sample during this run, not the sample itself; their hashes identify this detonation's artifacts only. The same $Recycle.Bin desktop.ini.tmp carries different hashes in behavioral2, consistent with per-run encryption output, so these values are not reusable as indicators for the sample.

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 f94e781f928aa27dcde8f04aed5bec9d
SHA1 ae41b38ecb01b7d179ea188a50c62d7ad4a98cd9
SHA256 45329e433c2d0add3d99e3a2c94e57e88389f4cbbb265e94d543f94b633d519b
SHA512 30c5aff6b43fc02374d5337fe641eeedca1334e986b3dfcf415af91ba78e3812ccd0224327e07f81422cf48bf55eb5495dd81149428b14d63151186cfa0652a8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ddb97bbcf5fa38a21ca440bf40b036f8
SHA1 ae04b4176bf9c1910f81158ae35d670bdd0782b4
SHA256 d691d5ef341662282f04787c52ef0391c9256a08607f77c20caf3082a8110ba8
SHA512 31ef51d06e2edfb113e0645097ae1b8e460090fd3f08c5f4e68d4d63c1079df44b7c77fc158182383c286e2ee362fd8bf8785e7301431f0707e535a6f033f7f4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:18

Reported

2024-06-17 00:20

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe"

Signatures

Renames multiple (4875) files with added filename extension

ransomware

Drops file in Program Files directory

Description: File created (all 64 rows; the rename count of 4875 above covers far more files than this table lists)
Process: C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe (all rows)
Target: N/A (all rows)
Indicator (existing Program Files paths with .tmp appended):
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\master_preferences.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp
C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp
C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp
C:\Program Files\Microsoft Office\root\Office16\PPCORE.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp
C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe

"C:\Users\Admin\AppData\Local\Temp\9c6bb6e72219e4be9987ad1a8f879e3787b70bcef39a8bb456fdbde177cf421d.exe"

Network

Everything recorded in this run is DNS to 8.8.8.8 (reverse PTR lookups plus g.bing.com and www.bing.com) and HTTPS to Bing. The report does not attribute these flows to the sample process, and they are consistent with Windows 10 background activity; the win7 run recorded no traffic at all. None of this is usable as a command-and-control indicator on its own.

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

The files below are .tmp outputs written by the sample during this run, not the sample itself; their hashes identify this detonation's artifacts only. The same $Recycle.Bin desktop.ini.tmp carries different hashes in behavioral1, consistent with per-run encryption output, so these values are not reusable as indicators for the sample.

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 df50230c1117aec471f60257f3452feb
SHA1 c20f12494fed2935e2bb39fccfbea59122e4b755
SHA256 7c4659e2522608584fef7b81686690e08699342fc0b4e5cd34df8c5a6f66be6c
SHA512 01d8ea3552a6df98ee56b1e16a9c555d066b522b25d3dd6ca7a3f76804d5e0abec24ec2134032f817ea286543e7e71d93001c82cc86656e3b0916f85f0c27bf6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2588836dbdea417a976666ecce241dfb
SHA1 75930020aede408d0d6bcdaf827716097c639b55
SHA256 dbbe72060637807b405212d80a6fe710c78329d4ca60cf56e28852b504e2399e
SHA512 0956db3adc900e0174d0ed301a984cdf68a3b0f1eaa1147838593beca8bf12adfe4c458ba66ee19a6bf6ff452bb32a45372ea3b08caaafb4c2d5d29b102b6ffb