Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-c3agvs1hrq
Target bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793
SHA256 bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256 bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793

Threat Level: Likely malicious

The file bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (596) files with added filename extension

Renames multiple (5192) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 02:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 02:35
Reported 2024-06-11 02:38
Platform win7-20240221-en
Max time kernel 149s
Max time network 127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793.exe"

Signatures

Renames multiple (596) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793.exe

"C:\Users\Admin\AppData\Local\Temp\bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 460a69c0f8b57eb07064b65ebf423165
SHA1 cfb3ac42c3d7c4c9adde9feb35570e2ee0964740
SHA256 2e9a91c47f88c9be3b2f756447dd6cb2ea1df4cc8886da1f9320f91d9494dd33
SHA512 ae6221e36c44d3128fd15d08dd82c2ecdf43b594d7f8ddd2e9243e188ad570115b61a9e2b644767b87c1aa9ef353c08ffb01421fc81d76db5ef6e14b2ca6a7cf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 953286824d7e6fb2c738bc8238614d9a
SHA1 e1678cf380d68ff1638331ef300188686e11986c
SHA256 ab14684a123484eefcd4575c3dd37f0e023145d38990faccec6e1dba6911157f
SHA512 6f52f50e0785a6f7078698f7cbe021a87399bea4b4c7b6b31f030a495eba2918ebe2bfc4611aa2d1ec81c087800c3bc36a0b9ae3007c7060739d420c1a42f00e

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 02:35
Reported 2024-06-11 02:38
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 55s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793.exe"

Signatures

Renames multiple (5192) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793.exe

"C:\Users\Admin\AppData\Local\Temp\bc366b592f56a02f3b559c181eb5d22496ce31a5cf0bdfa9c98924eeddd98793.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 6d29f6665f1854cc8cf3fa207d6f8273
SHA1 ea21f666552dee28fb1d6d88b03e990b1f55c605
SHA256 bfa3e39c92eed64806a894c63ef08894d1870a5cbdc85370e32357aafac87f2c
SHA512 0693239330d86143cdddd2cb757d238f6e3f3330eb623ea1200bc3b0f8b3c96bfcac8e1b403a8c726a7a46309ac7382fabbeb82f1d714b120c2abb41cccc9ab4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8d7f05854d5c7b79fb8703421a9aa784
SHA1 d7b2d275cce8710020e9a0d2867fceb01df762a4
SHA256 5ac45f14e2882adbd47b88801caa6b3752b9159e6ce380bac42e47c2049f7d2e
SHA512 e3b2d750a93bba3c78fedc63f994bd4717491957442385710e08dc93da4084ee2611563edcfe63fc705625663424f52d37b22b0b48399ade9c594cf8baf29943