Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-c43j2a1dmd
Target bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35
SHA256 bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35

Threat Level: Likely malicious

The file bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3776) files with added filename extension

Renames multiple (5360) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:38

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:38

Reported

2024-06-11 02:41

Platform

win7-20240221-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35.exe"

Signatures

Renames multiple (3776) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35.exe

"C:\Users\Admin\AppData\Local\Temp\bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 de2253c52a16f6807ad5e15c395d1f34
SHA1 6fde2380f182f2374e8e4d12e61532b847324baf
SHA256 21e3b7c0317895aba2629d1aa7be0cb63a50e0838132962d8582e62e63a42947
SHA512 65f33492b39f132c7e4ab4e8809c802dac584b1620aeb1ed71df8f7b9eca1d4eaa89c80cbf31cefd6be1ab275fe1b9579e05f2f72786e0fb24bb9198566236bb

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8d439c38d1855b5509668c45cfc52b75
SHA1 96c04d45f60a4598d17270162472e9b2a0c41cef
SHA256 e708ec315220f36871ac769d4cea0929493b627db77b018dce921f97e5bcb9e2
SHA512 f7a11d06d3d8654496fb45c4669924ac7c94e0e5455a255300141a1479132d35b74a5220e2620f9966d94a3dc9e6e5c8bc03884f2730c57fafcacae6133f0cb9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:38

Reported

2024-06-11 02:41

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35.exe"

Signatures

Renames multiple (5360) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35.exe

"C:\Users\Admin\AppData\Local\Temp\bd7a68996ba5debcbed8d2b0b1982d3c63a7a647f3267fb5aef3cc8a9d73ca35.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 a04387c9d895b9e9b5e38807472b99dc
SHA1 cb39eaad944ada93eb9ceec096fbfa538f7d8364
SHA256 1e4f9989ba74cf8f4c80ec441b76a2dacb3b39f520432c340c85b5908249955d
SHA512 45ac8d78be2434f03789f767bc5cb4172aac0a05a71529f7c127414258a61b4e529ca4c89859c4ea7e27352040bb46972055bc9db0c40739670d4224534a7af5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 23c087120b37698a6cd9a5c982153e96
SHA1 875e2d4edd67faf0b5d15e974ab5c64a30ada641
SHA256 e21c1bfc42d72ff288cb83048cd15149235ba48d67f60c16dc17faee729e9051
SHA512 f794d695d6e65107f731764bcf72e05c4fa61460e7faf3b21d70dabc83b8003b9f25879c9b9773a2370471fc95bbea49412bda5863f73ad7f7e5f421ca8019d3