Malware Analysis Report

2024-09-23 04:38

Sample ID 240614-dhh4yawgqj
Target b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c
SHA256 b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c

Threat Level: Likely malicious

The file b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3442) files with added filename extension (behavioral1, win7-20231129-en)

Renames multiple (4842) files with added filename extension (behavioral2, win10v2004-20240611-en)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:00

Reported

2024-06-14 03:03

Platform

win7-20231129-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe"

Signatures

Renames multiple (3442) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre7\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
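The pattern in the table above (one `<original>.tmp` created next to every file under Program Files, thousands of times, by a single process) is what the "Renames multiple files with added filename extension" signature keys on. The following is an added example of how to turn that into detection logic; it is not the sandbox's own rule. It replays constructed file-creation events whose fields are modelled on Sysmon Event ID 11 (UtcTime, Image, TargetFilename), using indicator paths copied from this table, and flags any process that creates many `.tmp` files across many directories inside a short window. The thresholds, the timestamps and the two benign processes (msiexec.exe, a hypothetical backup.exe) are assumptions made for the example.

```python
"""Heuristic for the "renames multiple files with added filename extension"
signature. Added example, not the sandbox's own logic: replays constructed
file-creation events (fields modelled on Sysmon Event ID 11 FileCreate:
UtcTime, Image, TargetFilename) and flags a process that creates many
<original>.tmp files across many directories inside a short window.
Thresholds and the benign processes are assumptions, not report values."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe")

# Indicator paths copied from the behavioral1 table of this report.
REPORT_PATHS = [
    r"C:\Program Files\7-Zip\Lang\ta.txt.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp",
    r"C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp",
    r"C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp",
    r"C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp",
    r"C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp",
    r"C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp",
    r"C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp",
    r"C:\Program Files\Java\jre7\bin\jsound.dll.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp",
]

APPENDED_EXT = ".tmp"          # extension the report shows being appended
MIN_FILES, MIN_DIRS = 20, 8    # assumed thresholds; tune per environment
WINDOW = timedelta(seconds=60)

EVENT_RE = re.compile(r"^UtcTime=(?P<ts>\S+ \S+) Image=(?P<image>.+?) "
                      r"TargetFilename=(?P<target>.+)$")


def parse_event(line):
    """Parse one constructed 'key=value' event line; None if it does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
            "image": m["image"], "target": m["target"]}


def original_ext(target):
    """'ta.txt.tmp' -> '.txt'; 'Miquelon.tmp' -> '<none>' (extensionless original)."""
    return PureWindowsPath(PureWindowsPath(target).stem).suffix.lower() or "<none>"


def detect(lines, min_files=MIN_FILES, min_dirs=MIN_DIRS, window=WINDOW):
    """Return {image: summary} for every process that trips the heuristic."""
    by_image = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["target"].lower().endswith(APPENDED_EXT):
            by_image[ev["image"]].append(ev)
    alerts = {}
    for image, events in by_image.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(events):
            while ev["ts"] - events[start]["ts"] > window:   # slide the window
                start += 1
            span = events[start:end + 1]
            dirs = {str(PureWindowsPath(e["target"]).parent).lower() for e in span}
            if len(span) >= min_files and len(dirs) >= min_dirs:
                alerts[image] = {
                    "files": len(span), "dirs": len(dirs),
                    "original_exts": sorted({original_ext(e["target"]) for e in span}),
                    "first": events[start]["ts"], "last": ev["ts"]}
                break   # one alert per process is enough for triage
    return alerts


def event_line(ts, image, target):
    return f"UtcTime={ts:%Y-%m-%d %H:%M:%S.%f} Image={image} TargetFilename={target}"


def build_sample_log():
    """Constructed log: the sample writing the report's .tmp files in ~12 s,
    plus two hypothetical benign processes that must not alert."""
    t0 = datetime(2024, 6, 14, 3, 1, 0)
    lines = [event_line(t0 + timedelta(seconds=0.5 * i), SAMPLE_EXE, p)
             for i, p in enumerate(REPORT_PATHS)]
    # Installer: few files, one directory, no double extension.
    for i, name in enumerate(("MSI1A2B.tmp", "MSI1A2C.tmp", "MSI1A2D.tmp")):
        lines.append(event_line(t0 + timedelta(seconds=i), r"C:\Windows\System32\msiexec.exe",
                                r"C:\Windows\Installer" + "\\" + name))
    # Slow backup tool: same paths but 10 s apart, so never 20 inside 60 s.
    for i, p in enumerate(REPORT_PATHS):
        lines.append(event_line(t0 + timedelta(seconds=10 * i),
                                r"C:\Program Files\Backup\backup.exe", p))
    return lines


if __name__ == "__main__":
    for image, info in detect(build_sample_log()).items():
        print(f"ALERT {image}: {info['files']} files in {info['dirs']} dirs, "
              f"original extensions {info['original_exts']}")
```

Three signals are combined on purpose: volume, directory spread, and the diversity of extensions underneath the appended `.tmp` (the sample touches .dll, .xml, .png, .mui and extensionless files alike, which an installer or backup job rarely does). The time window is what separates the sample from a slow legitimate process writing the same paths; widen it and the backup process in the constructed log starts to trip the rule.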

Processes

C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe

"C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 1892bd8c94a0329d29ecf6be4849c51f
SHA1 f4d696af45ac7bd2c297706220713cb8fe67edb9
SHA256 dd37fbfd782b0b75cc22c667f0d7123e4af83c1086bbd894c898670589a912ea
SHA512 5469974f0b03686ca560e7a42c45618237bb00c89c57f42a50114e6dbe616b27208515627c95b2ba5e5071c4c088b27894ef0755eedf1f72e193a3e2298fdbac

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 82c3f6da388971aac58d6ce72d2a6c8f
SHA1 c8f0b0ec32d9306bbe9ee673bd0196f9a6c38cc9
SHA256 74fc5a96e7f33d1dc83226bbc6b4a0f653334d5c5a6394bbef0025489bc86e5e
SHA512 2e8fdc6f35a9683c4c343c72a22bfca774434d83d81c89d2f67cb2e4d0438e9e48017f0b9ffa58e7124987e4d2c87a3dec261e63fa7216c4785bf3865037ffe8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:00

Reported

2024-06-14 03:03

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe"

Signatures

Renames multiple (4842) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\7-Zip\Lang\va.txt.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\DisconnectUnpublish.3gp2.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe

"C:\Users\Admin\AppData\Local\Temp\b485738c131fb3a736be30f301a8a8aad4b2c677a8a9317b284806951f924f8c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 102.144.22.2.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp

Note: all nine flows are reverse-DNS (PTR) queries to 8.8.8.8 or a single TLS session to www.bing.com. The table does not attribute them to a process, the Windows 7 run recorded no network activity at all, and this mix is typical of Windows 10 background traffic in a sandbox. Treat these as unconfirmed rather than as command-and-control indicators until a process-attributed capture ties them to the sample.

Files

Note: the same desktop.ini.tmp appears in both runs with different MD5/SHA1/SHA256 values, so the contents of the dropped .tmp files are run-specific (consistent with per-run encryption). These hashes identify this detonation's output, not the sample; use the sample SHA256 and the file-creation pattern as indicators instead.

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 6a639085c83ea42a5701d4e70eb9bdeb
SHA1 116f71fee75ac9a33813db2914a68bf22372905d
SHA256 7033f7c0331a3b0b80835c0b3002ebb3b38fdd92169e24a646843cb9b36ffda5
SHA512 b0d94641c9efd60b397358a7687c3877bc10889bfdce1d6222028f3d0a904c66ef5a88a0fb95dac2cbda40eab26e68bec2c81077d0c4f37026f0602a23f8e3c7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4ed1b287410c4d7ad8b6a28c3c5bb129
SHA1 a6538bed55349714452829e9a8c6562dfe2bee48
SHA256 5b2a4b00b339d66dfedcc917b1f1161055d9f64a3516e831d88930edcec7f607
SHA512 97c23d380584ed4c53a03b33efcf3209290847ab6566bdd8d2323d9127bc84b385c09f3d8d0f4459ce9db840deb8c1c11496375fbe5ea7aeb5e781369986695f