Malware Analysis Report

2025-06-16 03:35

Sample ID: 240608-bsyw2aga35
Target: 1a3c6568eaac319a0c3f0527f2095860.bin
SHA256: e0e1b01f07c3bb5670683a2d7c73f28f0585834c3b2907b7b0498af762125783
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: e0e1b01f07c3bb5670683a2d7c73f28f0585834c3b2907b7b0498af762125783

Threat Level: Likely malicious

The file 1a3c6568eaac319a0c3f0527f2095860.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3690) files with added filename extension

Renames multiple (5181) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-08 01:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-08 01:25
Reported: 2024-06-08 01:29
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe"

Signatures

Renames multiple (3690) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe

"C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 78724dad9a56973e3d2aefd1922280f6
SHA1 af4eccfaed429b2f1f338ef3ffbc87689d6e80a8
SHA256 3b60457dba74d5405f1deb476084153733652653bf35ae82366e9b08e085069b
SHA512 572c87004f5299d64a4a5e1100d709dfaa6cd2e6b1f343b936ed85321cc1532872c8e7397e4197235d2e53c9a31146416b2f9150bb4bcb0a03e097f1274479a9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 519b9da5513896afe6e9b652d76d8e72
SHA1 ed15d0e9a2b09dd93faa1d425b3fba5ec5b15630
SHA256 e24b53ae35437c7e4de9099a53fdd5c6f091ce887ca9233f9db10228a9d636de
SHA512 5bcac4ba3ac43a4b439501d74e576f9f05ca6fdd93c775157c58fe4e67861556db3d9c9d3ad8a28ffb9fe321e957e4e6d013cb2c9ca4e8a4c350854eff2ab7be

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-08 01:25
Reported: 2024-06-08 01:29
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe"

Signatures

Renames multiple (5181) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe

"C:\Users\Admin\AppData\Local\Temp\1a3c6568eaac319a0c3f0527f2095860.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 68146c78618ab82c615374125be7782e
SHA1 11660177dbb00a44d3de11abf0b4a79369d68fae
SHA256 b084d851b47c4ebc10218e1cc8ac231b10fb5dd40ea8b423ce23a366d6708ddf
SHA512 ebca48f62c4565cdbe5021b5c8a742f900785c95e8956ee234fa1f6c40b0e7b3cbcdcaab80cda7382969f9980c8aa0836f8818ad8ccd9e8c04b4dac959857a67

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b7e733559c62f2ea7900d331c68b05cb
SHA1 6eb15e4bcc733d8dfc891edbab7a73f5e16f03d0
SHA256 a4707b09fdf4bf70436ccce603b925a55faa0ee502eec7aee2ef95eca0b83ccb
SHA512 1e70372b24c31db01018b2465e509ffe4ce9e911780e43cef3bb10eda36bc03bc0a34241bb25542c089e34e1b2486af4108f90bd231f93b7130b24be21db755a