Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-amq4kawfmc
Target 88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f
SHA256 88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score

9/10

SHA256

88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f

Threat Level: Likely malicious

The file 88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (653) files with added filename extension

Renames multiple (5193) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:20

Reported

2024-06-11 00:22

Platform

win7-20240221-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f.exe"

Signatures

Renames multiple (653) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f.exe

"C:\Users\Admin\AppData\Local\Temp\88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 b2df17d440bd267763536617b8027f08
SHA1 463d594e7f5837b7d12f6083a2f614995cb2d5fc
SHA256 3d57cb5f04c21612e4dea8396117b607b627630270c39c7e90ac2d7f0102da6a
SHA512 086f657f66951ef261ea849f300e302f7548827d1c905416ded4cf942d85708897a65deba152c07bccaf72ea5409ec63b9db59d5a40a04143451ee1d3166bfe1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b00df95bba548addf9ab448336fd1388
SHA1 e43c1288040774f32f393f1cff81d629cfa73f62
SHA256 07809bd92401fdf3bcaa42427f5d6ea1ffe30f379dc03b7463fe2033bab42a99
SHA512 e1b5ccc69c4494cd153ae777eebf5135e900a56c2c51d3c49499a35d16dc3ddbbd6ef068d199e639ae6dee84de53eb92a1d113e0506105059ba1018f0d3410e3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:20

Reported

2024-06-11 00:22

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f.exe"

Signatures

Renames multiple (5193) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f.exe

"C:\Users\Admin\AppData\Local\Temp\88e80c205aa91afac6d5e8d8843f0a23ec03d01aac7b8b4dd606c5baafb24a3f.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 e6a7da3fbc29c0afeb287103cd10b712
SHA1 be7bfb326e9ff073c242a521e455e56040141d82
SHA256 4bdcaefedacf95842c3634310c94ea2d66ed895daf61bb26674e6785d124ed15
SHA512 72e13ca5d982cd53256a55a5da4677bb5f850143bad1d40f5cb62dac7287381c7a681944c5bf52db0eddac2f97bcb77c1ec2f8ede16214a6603f7fd5c97337bb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 46891b33c538492f291bd3d201b2e091
SHA1 d7d91040737d215b52b937bae99bc810fe2b1d67
SHA256 9267de62b1e62c7df85a33bcbe3d3fe28b22d65122798d59aa8126fc1d4f0f4d
SHA512 52ec6b6fdfcad6f6cc696b624fbe6df8d947085409da62486bcba900ad402a7430a06936ec285996fac6010da23ff73cc1cada08877e25f390cd7bc1d26c5b69