Malware Analysis Report

2025-01-03 08:35

Sample ID: 240611-a28l6axckc
Target: 929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d
SHA256: 929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d

Threat Level: Likely malicious

The file 929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3614) files with added filename extension

Renames multiple (5198) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 00:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 00:43
Reported: 2024-06-11 00:46
Platform: win7-20240215-en
Max time kernel: 150s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d.exe"

Signatures

Renames multiple (3614) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d.exe

"C:\Users\Admin\AppData\Local\Temp\929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 92180684982aeee01b130ac02c000a29
SHA1 f1992f740971de37d4f32e992f83f02418096e39
SHA256 b3cc642dd882f8ccc76e3904ff7a3bf23e7bd03f66b982b458b3160e3dd9c7c4
SHA512 5da68850a1833f2014e6ca85b2bff0141b8f4a92b4377ccd2a3e2fcb09408b85a9fffe09bebca5dd9a3bb0da2c731571299b8cb0e73d1c9a997ba977bc3bd29f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 09fbe98df38b21b14b220da9e24693af
SHA1 e0ced311ac19a9295b316b6c55e5ca00e80ddea5
SHA256 7ef8e5f990f6a978a9a0b3c8c021623dc336cc12d98256ad1f35b211f5755a70
SHA512 1c7e11c8d374428c60d0353302765a8bc7b26c23d010cb0bdd22f8731dd131bde7fc22d2f9132918c814e787de3db1b78565d2578562ec73a87af2c2f00c7294

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 00:43
Reported: 2024-06-11 00:46
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d.exe

"C:\Users\Admin\AppData\Local\Temp\929e92537ff446e932a1fc1662d8baf8d969e58de0b129ce5d1f88ce0517dc7d.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 2b99a7c554feb658e006124ea92ace75
SHA1 0046d3dff168e47c591fcf7eb2fe66565d6ea686
SHA256 f962815dfc9e4b330cbed1abe4b173f38ee9333e0406c18d288797c143688bb2
SHA512 e5ecffe2b4a58eae120b59a65ff84c0feeff297ea1928d4d70ca072f08c76dc8094b1623f1b807322729f4571c49135d567d1dff3c8476fd0f40b4d19eaca0d8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c728ed9f319593b3f71ad2191422a165
SHA1 7869a4bcbe3ad0e793ddf3a0e6666cd02554708e
SHA256 cc15d653b767e161873e3bdbab99346d2aa5ebad81078524f4cbcad117ac667b
SHA512 9436e3b7a06f5b86f6f64cad1cbb78a88c86a729ddcb51923f1b839ef30c6c858972d8ec2d060b0b94e09ac04ab9a3534464a139eeafaacdc47a334cb4fee174