Malware Analysis Report

2025-01-03 08:33

Sample ID 240611-a1jxeaxfnm
Target 92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af
SHA256 92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af

Threat Level: Likely malicious

The file 92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3729) files with added filename extension

Renames multiple (5200) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:40

Reported

2024-06-11 00:43

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af.exe"

Signatures

Renames multiple (3729) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af.exe

"C:\Users\Admin\AppData\Local\Temp\92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 8ddf8659f0cf4b39a0d9d5c8cc3d4839
SHA1 e47adf5750854507cf6f1aa74684f0373bc222a2
SHA256 66c595fd40b6a6960bfe04611bad15d18f06a14f5615411ab580ccae39f08554
SHA512 f1949d5b704520381dd6d5294805662fe94771f054551a0cb93c986106b28ba499b27f099270fe6e6d816d7e96cbe0accea9a9f1dab3c7b9288d563c085cc49b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8a6a135f5632d29a504e56d677e957a0
SHA1 9484993a8f626f45ba47417ac7d6493231482506
SHA256 2c1b85711d1f51dc6efbde30a16bf96cbea554b7b7634bc66d12b402dc82c506
SHA512 06c07012bad7dd7288f220609d237338ab436bad37547f68c86565b629844e143aa16c01eb7fe490433c5ff595a8a2a23545fb0a163e5463f1ec29b9ff194056

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:40

Reported

2024-06-11 00:43

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af.exe"

Signatures

Renames multiple (5200) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af.exe

"C:\Users\Admin\AppData\Local\Temp\92014db5b2aa193ffe792d55a8421d6c50f919c270e369e324357ec6159536af.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 267d869d5e5d166496fb62fed9e022a1
SHA1 c559a943f9eb7cbcd51c5af34d80405800b1081e
SHA256 ef7a044c9e19118dd603ca0b7bef3502c7d440f5241f58ee158fa228a6856b78
SHA512 66488ae2024dd8f9a4f178e598c4c4d409f20b5203bd186d13be2d99ae406b252baabfdf3b52de0e2d0a995f5d38b5bdd79cb8a7d367bfb87dbb3ea1e2c889ec

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 33b373643eb41e0972559ba597302fec
SHA1 6fc765cbb613918ab0b4ec382a27ce119163e944
SHA256 4180b22d0016faa2419911f1930dbcb39da980c042f474f1e486f84b3a7f713d
SHA512 56d9fd7371e7487dec7baeab09ba5136d8776571d74e1cc2366cd43571dd6fcfcf1db9a4eea76f6e6287aee633aa84e92335b2375ca1c263e149ccb06898fc01