Malware Analysis Report

2024-09-23 04:29

Sample ID 240614-bj274asgrl
Target 8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c
SHA256 8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c

Threat Level: Likely malicious

The file 8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5192) files with added filename extension

Renames multiple (3476) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 01:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 01:11
Reported 2024-06-14 01:13
Platform win7-20240220-en
Max time kernel 150s
Max time network 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c.exe"

Signatures

Renames multiple (3476) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c.exe

"C:\Users\Admin\AppData\Local\Temp\8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 1d9dc1c61312c219cc4217b5e028f119
SHA1 8a786be2bf40308ad3c6bc9177017ff55a1e9319
SHA256 fa1f9fc68335b51c11a976e59f93bb667e3fdf6439d066859c664b7ceb2ee1b4
SHA512 e594ba1bf0515076b93c14485f616ec4a88f1ef46f60b86ac1d3dd64fddaa642fcb1854ec568f22d7e113d49fd9d06669a3a679e00075e554c8530dec6c5d2bb

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 920807fd9c7ff872e80f249367f5f383
SHA1 ffb5898dca5c5230fb465666581c2cf3f97a3b45
SHA256 6aacf6c11ebfc5ba18b7c49aae7ddb7bdb483b4faa18c1fe5d0f2cfae025b814
SHA512 a14752e05eeb31c6c12c0e4c38391e0672ad2a5f00af63c3e0e0ff89ebb87ac23f2f3929c19931fbc36e4c4d6c56c836cbda985f0bb9eab8b32719e52a925656

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 01:11
Reported 2024-06-14 01:13
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c.exe"

Signatures

Renames multiple (5192) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c.exe

"C:\Users\Admin\AppData\Local\Temp\8cfe0586de28b53c4413cb9e6b192ff1c642259588bef0a3aca8f680f796ec1c.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 b20b075e006bbed90d87e60d6cfdb5bb
SHA1 3fbc12466178964a579a14e5145c562cae0724fd
SHA256 37de7b45c4a42be34ed66e4737f29ca668e45cb44d3158987df760f69b3f597e
SHA512 8f9f755dce29bd911a29211a67852ece0c4caed0e409fb4750765a7e7fdc8d8108bea08bf795693c86e49534a9766dc0ef139a53873f249a4223c0ae7613a9bd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4ada8e35abf9f91f21fcf0a93c44bb7c
SHA1 ceab6033a13bec42874939f0455c60c62a29286d
SHA256 99ca843c8e4a339f623f91c9d7b1e6eacb1503ac6709df74bddcebdd4a7a2976
SHA512 86b818cf52556a60c4b48fba0886f5b0994b43430d21187630903e4e1c63b72384a83f274ef395c34a2b67d8c68e643cb6a7088176c6d93f3d1795c9ea50354e