Malware Analysis Report

2025-01-03 08:34

Sample ID 240611-bnd13aygkk
Target a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a
SHA256 a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

9/10

SHA256

a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a

Threat Level: Likely malicious

The file a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3695) files with added filename extension

Renames multiple (1625) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:17

Reported

2024-06-11 01:19

Platform

win7-20240419-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a.exe"

Signatures

Renames multiple (3695) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a.exe

"C:\Users\Admin\AppData\Local\Temp\a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 c7008a79e3eefbd9feb68ca5e13206d4
SHA1 f8a17bd8270411c9222ef5a41e420012c4dd8e65
SHA256 57e020d9b0422d1bda5807f4e9f2c5aac1cc0e406163452efada7877af990b54
SHA512 b759689ad0cc987d9bfdb889449393994ec6fa547bef0e252fdf542dcdee98efd099312f093c7d0bd89957558bd4f09df7868442e080d477ace02ed643f736c1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0cb211bcd79b8de34e91b5ea03161994
SHA1 a6db29c062a376976dde55acf6281213c0705ef3
SHA256 8b8ead17c4861e24ab655659d06b2882057b00ca8176b8c65af40a5fd6a83f6b
SHA512 20b16fb9472d44786a1ae2f9beffc7e7fa7e9784646e80ab2ec89d97c9a3744611b1803948513404c59063b32bed2076e0c17debdbe886994b1410ae3d5e9abd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:17

Reported

2024-06-11 01:19

Platform

win10v2004-20240226-en

Max time kernel

159s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a.exe"

Signatures

Renames multiple (1625) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a.exe

"C:\Users\Admin\AppData\Local\Temp\a0a652f68ba2bd3b397c1df1b4f2842fa104495620b3fc77365c3cdadd640a2a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 8d318f3093a1f827b336942fb1b677c7
SHA1 536f843e9cb659648b3c416d3596493963c6ce19
SHA256 8ef3b0ea4cdb9a804e0f91c1b07f1c7bad949385bcd284125e915b2b663b1e64
SHA512 acc835da188929465a2f44aa6e47a4262f93b10f0ece086f8d11611bc0bed592ccb481eed8154320f94b35929378c8c8bd5fdf3c8653d09c4cce1b4d8c7c4825

C:\libsmartscreen.dll.tmp

MD5 f5f7b648e941618472248fab54ba792d
SHA1 d99c1e3ab9931472bc93f2e1d4e834136f19865b
SHA256 be41f5c61b85ddcacaccfa17efa6133e088af4cf5042bef6a94e8f9575dc0148
SHA512 8ddf8f8463403d5bcf005208fa3fcb43090bd33274537d643491108d3e279a0c475e9892ebb65c0dd9db9f6f60907495e3699104e2a0d98ef5ce7746abbea272