Malware Analysis Report

2025-06-16 07:28

Sample ID

240602-fhj3cabf71

Target

fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313

SHA256

fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313

Tags

ransomware

Score

9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313

Threat Level: Likely malicious

The file fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3448) files with added filename extension

Renames multiple (5053) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:52

Reported

2024-06-02 04:54

Platform

win7-20231129-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe"

Signatures

Renames multiple (3448) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Defender\MpAsDesc.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Defender\MpEvMsg.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe

"C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 55779ca0ac267a738dd4dd528ad1dad9
SHA1 f543ea0a238cbb1c77e3b6fe748608ad88b65e68
SHA256 c84e07a97ab8e22a1a1124dda0e4f5025de0cec8ee21c8509d407a02e6461f32
SHA512 9ebdc37c9fb688e2f9703d814f718c9521a481dc0a1ca1f99f246a71c953863ae40d01c8f0993f9eec8c1b061bc6252e67f28655dde0fb6fb46d9aa6ca7e6314

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7cb2bfdd80453256e736e3a38a1cb91b
SHA1 7f30140ddf7ba9e105f34da6b5e4ce5d7d452882
SHA256 932e9b0dff514c043066a1d96d7a2c88d33fc710ff34ff81c05da90df19a00a5
SHA512 8c4f1a054f663459a7354eee77b0962e68cc5fc4af6f553f9b0e4d1a5db50188c0274943471666191bc9c044b4d797498a314cc91d5b0260d28ac36c33c8fbbf

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:52

Reported

2024-06-02 04:54

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe"

Signatures

Renames multiple (5053) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-US.pak.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe

"C:\Users\Admin\AppData\Local\Temp\fc51b85b1131a48d98c677b8a9da29d78f6d5a71b0b51b829017e0bdb0b29313.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4572,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=1280 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 f0478b0faf3f43475fcd9e8d6f9ecd95
SHA1 5045cae368e6ef77719db3b8cfeaa902453f69bd
SHA256 301abc82c4e8b52beaf2ffd466a4475134530afaa22bdd6e24a7b94a7f4a270b
SHA512 a330e2746201f2debfd85e63b3e97b1bf62176f780ac3fd6a7e8f23a8d1105755af3dc7b918482c5f3e701c501758db83411623449be9c3291930da043e2289c

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 4e687169913d6bbe2f40e48734d99bae
SHA1 d65c60f507abcaed30f2785e43268a8dbafc11ca
SHA256 81707b7ff13c16228944daf3c950eaacc82dd3396eb48e0ebfcc53552a6eb2b3
SHA512 b3d111e41164a58dcaee92eb3931df9458cebc817c3db707e2365739d141e43808da87cadda9273fef58c9b86be5701ca1972e689a60377b4444623faca862bf