Malware Analysis Report

2025-01-03 08:29

Sample ID: 240616-3gp9astcng
Target: 88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc
SHA256: 88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc

Threat Level: Likely malicious

The file 88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4672) files with added filename extension

Renames multiple (3453) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-16 23:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 23:29
Reported: 2024-06-16 23:31
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe"

Signatures

Renames multiple (3453) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\DebugTest.html.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe

"C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 d1ffc0cdb524724397bf5bc2f49ebe1c
SHA1 c981d839f3c5919f2bd9597eb72c4643d1bd487d
SHA256 af32fffae4fb320e95ee61bb90ff15c39584862c049bfdef144333993d03faf6
SHA512 3eb8028dbff795b9d4eedf0b2e5e1b2d9385fb9ab2290d0b49b2c39e4938d19fd133311fce0694fbc288b4f0fe707a2ef5aff452d8ce59eff17b1dc1acb872e7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 01d33f2a5020582d5cdaed99a992e637
SHA1 f7c6ac6a8227ee9e52d7704d05c98e2acf1aecc2
SHA256 39a4067fa60ee001e6ee5fa0bd37091db37d8b7470cc58ff5d9c402ee2484118
SHA512 afde37360949b4a7845064aa773325c5adc16ba9b53215654f29343a8f63761ed18ed61cf3b7562ca697cc09aac5e738cf1dcf60415511ffa0eafe3473215318

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 23:29
Reported: 2024-06-16 23:31
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe"

Signatures

Renames multiple (4672) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\System\ado\msador15.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre8\lib\deployment.config.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Common Files\System\ado\msado28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe

"C:\Users\Admin\AppData\Local\Temp\88178d8f7aefc44e91a6ef0b0dab54bb9a62d9f535eb9a64fb9d3143bdd9e9bc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
BE 23.41.178.82:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 82.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 6604f9138f9beef0814489d70d2dcb67
SHA1 e1997599224a3f2d909762d2e7166c722c937cbb
SHA256 a54cc187793f174988b4345f9c291f16956ee1778c5a9ae22d37cb1bd1fa84fa
SHA512 4876773e3a950a20865b960b4efd53af3ef7550034b692288867e64dcd045f25f106e1a0c7c56fb4a1f874b4e9e8666a277db6787481af8f6c0193fac39d47f2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f98f0816309db2219ec3ffd5e6f43c25
SHA1 c481477de9295dcf480435e602552f23d6d722a0
SHA256 d64f0627525ba7c74384fd94d42978edcf1fe679802883712fa0a67e73812007
SHA512 d60719621ed08ed185af8acc977963472134d40b2f0f76c2be637f5108c9f460571db1d22d43a27bc2188cbe4a5ee21f76ef4ff4b11833a2fd88b56c91943af5