Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-ambzmswfkg
Target 88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578
SHA256 88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578

Threat Level: Likely malicious

The file 88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3761) files with added filename extension

Renames multiple (1307) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:19

Reported

2024-06-11 00:21

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe"

Signatures

Renames multiple (3761) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\7-Zip\Lang\be.txt.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jre7\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe

"C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 3510061952594c6266583bd8505af306
SHA1 a2df87dc6834c3370893464107f3aa2a4cbd35d7
SHA256 788d353eb7008c03da045d244e40afd527618e4c5c2087d8e2eb7eacf2c5dccf
SHA512 0a839b6a97c431a2eb11a9013e39c5f502bf05dcd6ce556d116f92ed24391a32dc70f2c3afe4606727700300ddc2f1ef3cd12ba95237ebdca560f2ba1d616b80

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4ec38792a8d343be1356936292c75e43
SHA1 d512596c34ddf65eceec24d4d24ae717cd18b7ba
SHA256 b1a6d8f4c964bcee3dc8508c1c5ddbd2e074f2da06856981acc1c5be7fb403f9
SHA512 78c16bdddab17acf629d5695b4fab7bd36ad57c6ec278fd1073a6671347516ec44662e761a8c77840ffd086e98919f16671d9e8b048f4e6a6b1537efbc28b965

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:19

Reported

2024-06-11 00:22

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe"

Signatures

Renames multiple (1307) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlSerializer.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Quic.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\ConvertFromStart.vdw.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\7-Zip\Lang\nb.txt.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\System\ado\msado28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\System\ado\msado60.tlb.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\.version.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe

"C:\Users\Admin\AppData\Local\Temp\88c280e59c3623eb4f25977be93fd2087b50f339f6e587f81b3f20f36dbc9578.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3276 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network

Country  Destination          Domain                          Proto
GB       142.250.178.10:443   N/A                             tcp
US       8.8.8.8:53           154.239.44.20.in-addr.arpa      udp
US       8.8.8.8:53           240.221.184.93.in-addr.arpa     udp
GB       23.44.234.16:80      N/A                             tcp
US       8.8.8.8:53           23.159.190.20.in-addr.arpa      udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa     udp
US       13.107.253.64:443    N/A                             tcp
US       8.8.8.8:53           164.189.21.2.in-addr.arpa       udp
US       8.8.8.8:53           26.165.165.52.in-addr.arpa      udp
US       8.8.8.8:53           56.126.166.20.in-addr.arpa      udp
US       8.8.8.8:53           11.227.111.52.in-addr.arpa      udp
US       8.8.8.8:53           97.17.167.52.in-addr.arpa       udp
US       8.8.8.8:53           183.142.211.20.in-addr.arpa     udp
US       8.8.8.8:53           27.73.42.20.in-addr.arpa        udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 5f561c1d5730978ddf9e849024b7f875
SHA1 683a6cce52be3b23271796f7a8012676ba0e90b4
SHA256 2ca51a116453afde57603e7554cd728b1136bfc1ef4bdc2213c54e8d235ec548
SHA512 0feb32e96807ddfb62e5c2cb57f5ebf02dc4ee1b842bb2182ba57d841bce2bfe69c8df99b0821d2d463e36968ef433900ea88a23d9da861ef683c8505f1d5704

C:\libsmartscreen.dll.tmp

MD5 2348726aee55380cf2d5f3181235966a
SHA1 c8d62f777fb7c1020afe0da0b49a1ff3e9b2c799
SHA256 593197605bbeede18a17bc7a9bef396271761533a00e833101905d72dcf13c3d
SHA512 af574c030f5fbdaef5c920fe18e6e05ed3f0e795a584705e390224654aaf43b43dba34fd63ccfaf0b0022692a68fae8e5144c59196b79fd5b0ddab3dd8a80ad1