Malware Analysis Report

2025-01-03 08:25

Sample ID: 240616-3jgd6sxfmm
Target: 88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d
SHA256: 88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10
SHA256: 88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d
Threat Level: Likely malicious

The file 88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3552) files with added filename extension (behavioral1, Windows 7 detonation)

Renames multiple (5189) files with added filename extension (behavioral2, Windows 10 detonation)

Drops file in Program Files directory (every listed indicator is a "<original name>.tmp" written beside an existing file under C:\Program Files)

Unsigned PE

Neither detonation recorded network indicators, and no MITRE ATT&CK techniques were mapped; the verdict rests on the file-system behaviour alone.
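The two behaviour signatures above (a burst of renames that append an extension, and ".tmp" files dropped beside targets under Program Files) are the kind of heuristic a detection engineer can reproduce on endpoint file telemetry. The following is an added example and not part of the sandbox report or its signature engine: the event schema, the process name `sample.exe`, the 50-rename threshold, the 120-second window and the ".locked" suffix are all constructed assumptions (the report does not state which extension this sample appends), and the timeline it runs on is synthetic.

```python
"""Added example: reproduce the 'renames multiple files with added filename
extension' and 'drops file in Program Files directory' heuristics over
endpoint file telemetry. Event schema, process name, thresholds and the
'.locked' suffix are constructed assumptions, not taken from the report."""
import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since start of the timeline (constructed)
    pid: int
    image: str           # image path of the acting process
    op: str              # "create" (new file) or "rename" (path -> new_path)
    path: str            # created path, or rename source
    new_path: str = ""   # rename destination


def appended_extension(src: str, dst: str):
    """Return the suffix when dst is src with an extra '.ext' appended in the
    same directory (e.g. 'a.txt' -> 'a.txt.locked'), otherwise None."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    src_name = ntpath.basename(src).lower()
    dst_name = ntpath.basename(dst)
    if dst_name.lower().startswith(src_name + ".") and len(dst_name) > len(src_name) + 1:
        return dst_name[len(src_name):]
    return None


def score_processes(events, rename_threshold=50, window_s=120.0):
    """Per pid: count appended-extension renames, the peak number of them
    inside any window_s span, which suffixes were used, how many victims had a
    '<victim>.tmp' created by the same process first, and how many files were
    created under C:\\Program Files. Flag when the peak reaches the threshold."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev.pid].append(ev)

    findings = {}
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        created = {e.path.lower() for e in evs if e.op == "create"}
        renames = [e for e in evs if e.op == "rename" and appended_extension(e.path, e.new_path)]
        suffixes = Counter(appended_extension(e.path, e.new_path).lower() for e in renames)

        # Sliding window over the time-ordered renames: size of the largest burst.
        peak, j = 0, 0
        for i, ev in enumerate(renames):
            while ev.ts - renames[j].ts > window_s:
                j += 1
            peak = max(peak, i - j + 1)

        findings[pid] = {
            "image": evs[0].image,
            "appended_renames": len(renames),
            "peak_in_window": peak,
            "suffixes": dict(suffixes),
            "tmp_staged": sum(1 for e in renames if e.path.lower() + ".tmp" in created),
            "program_files_writes": sum(
                1 for e in evs if e.op == "create" and e.path.lower().startswith("c:\\program files")
            ),
            "flagged": peak >= rename_threshold,
        }
    return findings


def constructed_events():
    """Constructed timeline: pid 4242 writes '<victim>.tmp' next to 60 files in
    Program Files and then renames each victim with a made-up '.locked' suffix;
    pid 1000 (explorer) renames two user files minutes apart, for contrast."""
    mal = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"   # assumed name
    evs = []
    for i in range(60):
        victim = rf"C:\Program Files\7-Zip\Lang\lang{i:02d}.txt"
        evs.append(FileEvent(i * 1.0, 4242, mal, "create", victim + ".tmp"))
        evs.append(FileEvent(i * 1.0 + 0.5, 4242, mal, "rename", victim, victim + ".locked"))
    explorer = r"C:\Windows\explorer.exe"
    evs.append(FileEvent(10.0, 1000, explorer, "rename",
                         r"C:\Users\Admin\Documents\notes.txt",
                         r"C:\Users\Admin\Documents\notes.txt.bak"))
    evs.append(FileEvent(400.0, 1000, explorer, "rename",
                         r"C:\Users\Admin\Documents\report.docx",
                         r"C:\Users\Admin\Documents\report.docx.old"))
    return evs


if __name__ == "__main__":
    for pid, finding in score_processes(constructed_events()).items():
        print(pid, finding)
```

The sliding window matters more than the raw count: a backup tool or a user also appends extensions, but spread over hours, while a ransomware run produces thousands of such renames in a couple of minutes (3552 and 5189 here within a 150-second kernel time). The `tmp_staged` count ties the rename burst to the "<name>.tmp" creations the indicator tables record, and a single dominant suffix is a further ransomware tell. Thresholds are illustrative and would be tuned against the telemetry source actually in use.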

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-16 23:32

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 23:32
Reported: 2024-06-16 23:35
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe"

Signatures

Renames multiple (3552) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Internet Explorer\jsdbgui.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\DVD Maker\offset.ax.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sw.txt.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Internet Explorer\Timeline_is.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe

"C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 e4881439beef2029cc8fbca51f480fb8
SHA1 1a75b33c6bdcb1b757826545b8ce85dda1c1dc49
SHA256 52570001b143df398d77d51cb5d4968bfb4629cf31732ac983795a10f89d006e
SHA512 0f81d0079b406e57d0e1f20cba7ba421751c250f6891d437b37b2e77d639257f1eb3a3e18f5768453f5bef42fc7c0f8f5ddd628446ab81517492e47acd8003c0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 56dbe35c20c2a66f5518253049536744
SHA1 75242ab1af7ddc61e6dcdc080f8fbc2e94fafc5c
SHA256 69a729f4c480bc381990fad4baccdbe84e6f3997cbd5fc04ee15889ef9eaf4ea
SHA512 e0eac610a79eb734a958ba68133fe9dab04a8d9b3647afb98c6543fbed4fecac95612e66d7a696b33d46e69aaa161b490e2abc25b781a22d769d3397d7882003

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 23:32
Reported: 2024-06-16 23:35
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe"

Signatures

Renames multiple (5189) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado15.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] (file name garbled in extraction) | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe

"C:\Users\Admin\AppData\Local\Temp\88fb741b39ba8b55e870daa68c71fc7ad18eb802d62a8a4a81a14db4a2a4502d.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 f6b6f3af1f07de7b72d727d5f3eca0a5
SHA1 5b57f50c1e265ffd24b892f04e80863aad855d60
SHA256 4f096dc69a63cb7d8c9e5caf43c9a3ab4e99f1ee203d0b818695fb8819642246
SHA512 67e134e09b78eb9b1b39bba1a592eefb16cb3420d5eb98c5863968834bf626cebb1abd588f6eba25ba899aa1025f37f19ea5d1156a2133b06ddd6862297a1098

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 791e6460814d9db83932942f33a09593
SHA1 3de649da897fe40bf8e9d05019e0115ff91e6617
SHA256 f9447b58689896838ab07be5d95c5e41e519fac809cc9df987681ff90e7e7af5
SHA512 4c65c62e66568024227c53569c698bc8a01d73c24c215df34f53908adf3f55bd994d3cebd6f8f55c56c663573898f2d8235473ae542ca0df07bbc05d7d6752f3