Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-bnq1maygll
Target a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22
SHA256 a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

9/10

SHA256

a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22

Threat Level: Likely malicious

The file a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5204) files with added filename extension

Renames multiple (3784) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:17

Reported

2024-06-11 01:20

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22.exe"

Signatures

Renames multiple (3784) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22.exe

"C:\Users\Admin\AppData\Local\Temp\a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 d3cb3a6ac3621c32cbbc0e3eab7705a4
SHA1 56aeac5f9a4dd316b76588987fe605595a72537d
SHA256 a88e897359a0b57c6be4afc37f77c93602e66eaa5f879f86842512c2851adf31
SHA512 068ffa32c536ff1a1a95d6baa5caa2c74ded87f1da68fb448ce4b02ec978a38755d2e7607d19e51c3e20f02bde7f006a4dc16e85870ce5d5b15ea3993459cf62

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 776120de9348547d39eca23ef19d849a
SHA1 304b58744daf5c052f73d29a85da46167ee86727
SHA256 c1344a5ac9d3ee3df04dea5638d763158dfae1e048b93e900bf2e01825313740
SHA512 2d65f7bf0dba6a22f2f8e66eb599ec3a77a00930402198cebcc128d62e02cd7d73aef9a12e5e87fcae1517733c7f78c7a16444b27cb21373267d5d95d0230952

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:17

Reported

2024-06-11 01:20

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22.exe"

Signatures

Renames multiple (5204) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22.exe

"C:\Users\Admin\AppData\Local\Temp\a10c615405e2988e2a0527f1ef1bcf976ec120b87c1a2f45eb03f7f7fc4d7e22.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 10.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 6e16f2a776d4455967f7576255eb036f
SHA1 4073f0b874485d87dd4903628153b76956b09758
SHA256 7fde9f3d44378c22ee8dd1a35fa564418f3da95ab3e4f70e2040d83ee124876b
SHA512 fe87881868eb318605588c0e8329fc07165cb68b244884aa177d19524b2f0f78c27c1f62678e20e5eae69313594b5775a49ed5737d0ecadc131297e5c2036ce5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bbda18e6e2b4f871828e01986722c344
SHA1 f955eca0a43778616da371001e1662200fbe7ea3
SHA256 c8347aaf26f58f2def05ddfe36fdf5e0d08f0acc4414bc8311efe50ad12df5e9
SHA512 c0db40cb1f2c2aa99e70afbb880158fdec86359264533d00f3dd2993a70df1f5a07b28806ca2766c9b84c52e53c22511be52058ca76f0e678b32b3a8f9fb7410