Malware Analysis Report

2024-09-09 20:20

Sample ID 240613-2pbkfatdle
Target 50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670
SHA256 50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670

Threat Level: Likely malicious

The file 50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3438) files with added filename extension

Renames multiple (5195) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 22:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 22:44

Reported

2024-06-13 22:47

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670.exe"

Signatures

Renames multiple (3438) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670.exe

"C:\Users\Admin\AppData\Local\Temp\50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 a269de1728fedf10f4f9e5f5d8c77e71
SHA1 b660e5dc411ec38f6b1a15e9d2e622798a4c6ad7
SHA256 41723738e54625845e355dbe8170ee25529d80d9e4725fe46ebf29e7c966a1dd
SHA512 058c5629c9d6d80971087c11075f4e051144474d0ca4bc039147b1e7604a3e7a346ced14a0a2942486b24b8b5e6f7a633664a1f0ab918c7204b75863db441835

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8acc55bc055f999a53f3d0a5060b9e0e
SHA1 69e85e00c0300d15c08f993887bcea91de6c67ae
SHA256 9208dea25b2db9deaeafddbb88155accc1918169fcc98de22d545e9b1879c1c3
SHA512 0e5200f7ccb55c5b162334891b81ca2c4af14158d88c6a49929355cefb1ed990523c71437a460e633841b804aef5e167231e24a3e8a7b9d2110524ff4a02289b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 22:44

Reported

2024-06-13 22:47

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670.exe"

Signatures

Renames multiple (5195) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670.exe

"C:\Users\Admin\AppData\Local\Temp\50097380b22d9bd07af5b830fa875eb2a0e9f0888a2a1194ef1a1dbea4449670.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 047cb1234213b951c89e4a513a1a2465
SHA1 46cf1fcdee9dd150efd25b9ca07a74676503440f
SHA256 ecfe5e1cddc11b0571e7d57a66e22607d93e9da7810cc040144de1759830dcde
SHA512 54c240f8fcc7f78d203df32358b9eba64771c0b704cb16c8707749b613728693508d90b261a27e29575a34178648ffd20b15918e488ce0ec4a767d5dbf496b1f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5daa2b28e4ee55326a684ce34de9b50a
SHA1 fecadfc64583b62c0d99ad95f9d88ea24f620a4b
SHA256 fd22c54fddb0cb5f162f1772cf995d3453e1d1d19de35ca473ed511017d9611c
SHA512 ec5008e0b97ea235edf95cf9ddbd40e291093a6bc118bdd53e30780f690d63b5dcf15f638b694516db30b5495b692bfcf77af3446667f16075bf3760b90ce5df