Malware Analysis Report

2025-01-03 08:27

Sample ID 240617-day57a1bnb
Target d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68
SHA256 d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68

Threat Level: Likely malicious

The file d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3449) files with added filename extension (behavioral1, Windows 7)

Renames multiple (5090) files with added filename extension (behavioral2, Windows 10)

Drops file in Program Files directory

Unsigned PE

Every file write recorded in both detonations is the original filename with ".tmp" appended (for example Uninstall.exe.tmp) and is performed by the sample's own process: the report lists no child processes, no ransom note and no persistence mechanism, and the only network activity in either run is a single reverse-DNS lookup in behavioral2.

MITRE ATT&CK

N/A

The sandbox maps no ATT&CK techniques for this sample. The behaviour it records (thousands of files rewritten with an appended extension, no network activity) is what ATT&CK catalogues as T1486, Data Encrypted for Impact; that mapping is added here by the editor and is not part of the sandbox output.

Analysis: static1

Detonation Overview

Reported

2024-06-17 02:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 02:48

Reported

2024-06-17 02:51

Platform

win7-20240220-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe"

Signatures

Renames multiple (3449) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\7-Zip\Lang\cy.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\7-Zip\Lang\ps.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\7-Zip\Lang\tr.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe

"C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 1b1c48e9625d5bdb901af799c057d9a0
SHA1 34186ac857621aa926c861ea56a553462b15fcd4
SHA256 6179ea9c7d46588f058f4bc18c21d833689a0ed02ea48326a332b122b542d7b5
SHA512 dfd7f4b2cc995e2ab274f5705ebecfdc2653adea22e8db255a26161912ad23b31ae36e6599b372c80d498e04c1a4f08f11da5c2574cfc61b60c2270c2fef384b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 351a865941e85686f80100bcab8294e1
SHA1 f256981135678a456f7f11bc8fb8cd8139c9a2a9
SHA256 31f029aced5fc09d59435c0a1d65f88a2af481447609827f2b1e0cef0de92df6
SHA512 76ebdf269bed2a3ce966c347bdf25f7d1e7d94420d50e8a2e3ecd3a946dcb1c629f32ffaacd6c94af788a680e281b8345ed7768750d35a25cdb177f3a0c5f6cc

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 02:48

Reported

2024-06-17 02:51

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe"

Signatures

Renames multiple (5090) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe N/A
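
The two behavioral signatures that fire in both detonations ("Renames multiple (N) files with added filename extension" and "Drops file in Program Files directory") are simple to reproduce from file-event rows in the layout the tables above use. The following is an added example written for this report, not the sandbox's own rule logic: the rename threshold, the list of user-writable launch directories and the benign rows are assumptions, and the sample rows are constructed (a handful copied from the tables above, two benign ones invented for contrast).

```python
"""Re-derive the report's two file-system signatures from "File created" rows.

Example code added for illustration; it is not the sandbox's detection engine.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Row layout used by the signature tables: "<Description> <Indicator> <Process> <Target>".
# The Process column never contains spaces in these reports, which is what lets the
# non-greedy Indicator group stop in the right place even though "Program Files" has one.
ROW_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>[A-Za-z]:\\\S+) (?P<target>\S+)$")

# Assumptions for this example: the sandbox's real cut-off and location heuristics are
# not published on the report.
RENAME_THRESHOLD = 5
PROTECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


def parse_row(line):
    """Split one table row into (indicator path, process path)."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    return m.group("path"), m.group("proc")


def added_extension(path):
    """Return the appended suffix when the name still carries an earlier extension
    (Uninstall.exe.tmp -> '.tmp'); None otherwise.  A file that had no extension to
    begin with (EST5EDT.tmp) cannot be told apart from a fresh temp file by name alone,
    so it is deliberately not counted."""
    suffixes = PureWindowsPath(path).suffixes
    return suffixes[-1].lower() if len(suffixes) >= 2 else None


def evaluate(rows, rename_threshold=RENAME_THRESHOLD):
    """Return per-process counters and the signature strings they trigger."""
    per_proc = defaultdict(lambda: {"renamed": 0, "extensions": set(), "program_files_drops": 0})
    for line in rows:
        path, proc = parse_row(line)
        stats = per_proc[proc]
        ext = added_extension(path)
        if ext:
            stats["renamed"] += 1
            stats["extensions"].add(ext)
        # A write under Program Files is only suspicious when the writer itself was
        # launched from a user-writable location (installers and updaters run elsewhere).
        if path.lower().startswith(PROTECTED_ROOTS) and any(tok in proc.lower() for tok in USER_WRITABLE):
            stats["program_files_drops"] += 1

    verdicts = {}
    for proc, s in per_proc.items():
        sigs = []
        if s["renamed"] >= rename_threshold:
            sigs.append(f"Renames multiple ({s['renamed']}) files with added filename extension")
        if s["program_files_drops"]:
            sigs.append("Drops file in Program Files directory")
        verdicts[proc] = {
            "signatures": sigs,
            "renamed": s["renamed"],
            "extensions": sorted(s["extensions"]),  # ransomware normally appends one extension
            "program_files_drops": s["program_files_drops"],
        }
    return verdicts


# Constructed sample: seven rows taken from the tables above plus two invented benign rows.
SAMPLE_PROC = r"C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe"
SAMPLE_PATHS = [
    r"C:\Program Files\7-Zip\Uninstall.exe.tmp",
    r"C:\Program Files\7-Zip\7-zip.chm.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp",
    r"C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp",  # no original extension: not counted
    r"C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
]
BENIGN_ROWS = [  # invented: an installer writing to Program Files, Explorer writing a temp file
    r"File created C:\Program Files\Common Files\System\wab32res.dll C:\Windows\System32\msiexec.exe N/A",
    r"File created C:\Users\Admin\AppData\Local\Temp\~DF3A1B.tmp C:\Windows\explorer.exe N/A",
]
SAMPLE_ROWS = [f"File created {p} {SAMPLE_PROC} N/A" for p in SAMPLE_PATHS] + BENIGN_ROWS

if __name__ == "__main__":
    for proc, v in evaluate(SAMPLE_ROWS).items():
        print(proc)
        for sig in v["signatures"] or ["(no signatures)"]:
            print("   ", sig)
```

Run against the full tables from either detonation, the same code reports one appended extension (".tmp") across thousands of rows, which is the fingerprint the sandbox's rename signature keys on; a process that writes many temp files under different names, or an installer running from Program Files itself, produces no verdict.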

Processes

C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe

"C:\Users\Admin\AppData\Local\Temp\d6bc5025a3a6a4815331b9d468eb6ac9551ffd492cef4948fd5eade7ba315c68.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

The only recorded network activity is a reverse-DNS (PTR) query for 8.8.8.8 (Google Public DNS) sent to that same resolver over UDP/53. It is not evidence of command-and-control traffic, and the Windows 7 run (behavioral1) produced no network activity at all.

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 0c95b970b0e78e75383e8c00a72ef468
SHA1 e7f1acc4bc6e7b5320e4a597a062d95a2202ab24
SHA256 2c76d57ec1887ce26c62a2e0c2ded15fc92e35a83cdbfbc1a056007e6a79abd2
SHA512 e1c39e04bb380a2248ce1697452d73fec6c418c572efbb651d276472660a6a5ea576fb1b9131aafd01308567164ff27748f4e59b2e98e3905f97904441bb5f51

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c2a754bbd6e2782ccd3aaeca52965a27
SHA1 7d04a8a8680f2cd7af5407f7078787ef0f3f8695
SHA256 199931630baa58835195210f4a5eb7c2d3639fa853363f806ee0e02c4d86eb29
SHA512 06416afdc6fe1d93be5eaea3f423ce36950cd8653b9e07006579b487f2e2aa096085d1e85983ed69e0126b7c75bfef7331188de01af0dd0c9f20c3f5d51dce0c