Malware Analysis Report

2025-01-03 08:26

Sample ID: 240617-bqnchssakk
Target: b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8
SHA256: b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8

Threat Level: Likely malicious

The file b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3284) files with added filename extension

Renames multiple (1209) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-17 01:21

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 01:21

Reported: 2024-06-17 01:23

Platform: win7-20240221-en

Max time kernel: 150s

Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe"

Signatures

Renames multiple (3284) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Mozilla Firefox\install.log.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Internet Explorer\ielowutil.exe.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\SendUnpublish.vb.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\Lang\si.txt.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe

"C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 db3bce9fd32c4672a2abe6cfbbec8a0f
SHA1 82c06afaa7b96821f40b1a604580dfccd820cbf2
SHA256 db70845206ed327188e6b37255a4ae00bcf25de1b01009cf502fb80adfad82d9
SHA512 5a731a6bf53762030ee36f888491743a25f393bd29fa792a0bfe41faf8017eefbccb993b607c094dd38ea5a19c6cce82b8737c9e6fd10a915111c4406ed363ca

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 11bb7151fe2c89af3838d847533bb795
SHA1 1d7310cf75c5377f822ac77160e1abbf224b50dd
SHA256 30754279f06c7981763e131c2a445641cae58796b08d06c7fcc9e50efae33f2b
SHA512 2e0869d2073db7c5493ad86047259a4abb8c4e2cb44b175225370dfe83c8af509d6fdc068e8e65633c4ad7d3ddc9eadb9d85e2f178521f45585aefc15206ba36

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 01:21

Reported: 2024-06-17 01:23

Platform: win10v2004-20240226-en

Max time kernel: 152s

Max time network: 160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe"

Signatures

Renames multiple (1209) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-heap-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ext.txt.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tools.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Security.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NetworkInformation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Configuration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Tar.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\7zCon.sfx.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Royale.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-string-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.ProtectedData.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Design.Editors.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemDrawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\Lang\es.txt.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Accessibility.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Specialized.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.NETCore.App.runtimeconfig.json.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordbi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.TypeExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A
File created | C:\Program Files\7-Zip\Lang\uk.txt.tmp | C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe

"C:\Users\Admin\AppData\Local\Temp\b676d0d010205e53575dad1dc8be4d7b24f71949e9e358e6239cb058c9ca16f8.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3904 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
GB | 142.250.187.202:443 | | tcp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 75528b8129f77e961bdbbd0a9f29e7a6
SHA1 28e755d21c0a9504e268d0b8ad8c61bed8245917
SHA256 37896cb4eebea4bbc0f6bd2676415cc1dfc0a63c59b0bd39d3ce4374da46ec3f
SHA512 87ea9e4ad3a40d7d4453c44469511c6b18302508ca72152444d2073ddcc83af5034fd91bfab39859b17c45ff07d9214bf23cb82f3c97c3343cd2c5c2afd91570

C:\libsmartscreen.dll.tmp

MD5 2d76bbdb9c2bc9085701b3720e30d38f
SHA1 08e81ce4b99d1cc6da371e74d1786a83e9c70ea6
SHA256 76e536425b5c88f21143b43a0e8d34836ef8886e918689cd493c942ac8016234
SHA512 a35be8e111d2dbb67e7e3849ddb040508640dac04dead6ef8354043aab2c882d64c34194698eba604134c08416a91cb1e3d6c1751347b0ca1a296041034db51a