Malware Analysis Report

2024-09-23 04:43

Sample ID 240614-bmeafatakn
Target 8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5
SHA256 8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256

8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5

Threat Level: Likely malicious

The file 8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (808) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:15

Reported

2024-06-14 01:18

Platform

win7-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe"

Signatures

Renames multiple (808) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\System\DirectDB.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Internet Explorer\images\bing.ico.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Internet Explorer\F12Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe

"C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 89ce424e3cf23927a5c5a5364ee5b63e
SHA1 33b59e7b82063579f7ec18984a65e6e92bc487ae
SHA256 746b4376062562bf922c8b7fc46c1fcd2ccaa68eab2600b4be35d5a24b4cca41
SHA512 552eb5c6934e50f0a2069ab8e6b0f6e7615d928eb8e0648695bed4ead55a047b20bc5ad3b54ed74ba99b35e99e1dd29827dc8c2f345c6b939d00d3538a0a9ee2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 abf4f7ba9b3443af5f9a893c86162c2b
SHA1 463a74ac0e0cd4dae2ba81707e79a03fe42344f8
SHA256 a7568955cbdc759f4794e5bcaefb7a0f39b52a78962a59ff0c58caa8f88ff95a
SHA512 3e27d574950e2ddc6ca44d6d27d13feb8288aa67bbe37198cfadfbad065cde06e7fc12fe55bdc4780b37ac51c6fa491bd5c8c208a94a53d1459dcd69c56c5899

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:15

Reported

2024-06-14 01:17

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\XLCALL32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\7-Zip\Lang\ku.txt.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe

"C:\Users\Admin\AppData\Local\Temp\8e2200c4b7f1c0ca280541dfa4329a32555f14e5e64c8a5d7fd12b1b78f177e5.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 d7578f52464ac593d1c20db9bda4747b
SHA1 0dc8288b45e4646d8756a0ba23bdf0edfe61b596
SHA256 9acef07d4884007592c30e10f167fba2b44d447aba7cde2b0786d7c8483fd702
SHA512 74b449f473b0745470092f56cbe5e50c5a5b80106ffcef54d7e847c9dafbb15ec93dd3f92a2073c3c3ae7dce982224331c1b9557f2fa98d473b5665800ec4641

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 07041a8bee0d6cbc50ed3a48cd346902
SHA1 4dd968133792b20e070f5bd235af99e0d39bc253
SHA256 4c90d94893ebae1583ede84749949620c012f227486b5d9796b9347812e99f57
SHA512 00b8bdca834095489c5fbce808c787d42ee06310d082869a383700e542ccc52be7bf9e8f0b14f82d389961849500e34d8492c7168c68f6899d123539c203b3fd