Malware Analysis Report

2025-01-03 08:27

Sample ID: 240617-dtk3ns1hkh
Target: e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243
SHA256: e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243

Threat Level: Likely malicious

The file e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3441) files with added filename extension

Renames multiple (4867) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-17 03:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 03:18

Reported: 2024-06-17 03:20

Platform: win7-20231129-en

Max time kernel: 150s

Max time network: 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243.exe"

Signatures

Renames multiple (3441) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243.exe

"C:\Users\Admin\AppData\Local\Temp\e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 dfbba4e086942f91350dff3afc7cb74f
SHA1 02ed09468ebb680fe15dfad6e684abce9869c7ef
SHA256 dd3f585de7d5b3cfca0fc91a5218c476d59b3c501482ab070e4af1eabe7025c4
SHA512 5bb63dc6f5ad748c7bf02703c653b174b4dec52d398b4b387f57cbe294c86aa504fd45f841db90d3f2f40904f135c95feba443181a6e282b5b3e59ea43fcf6f1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 02abfcd2f890b3a44dcb566aa8957e90
SHA1 f3215e5e3898606b0819d3f1265cee63e2020af3
SHA256 97cccbd4be721245c8223d8e1cc05fa12a33d985f3a63190b3ed39a08b3cbeb1
SHA512 1d3a71680f133ce4ce62f215bae2bc89a46a91031ecad05513b8950f9fce74e234c090068383c03d83eb3e62b771ee1f6f31f2577e1c371e274f54b2858a78f4

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 03:18

Reported: 2024-06-17 03:20

Platform: win10v2004-20240611-en

Max time kernel: 150s

Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243.exe"

Signatures

Renames multiple (4867) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243.exe

"C:\Users\Admin\AppData\Local\Temp\e218604274a5a9c5eca4811f12afb2e2cf29a00f734e455ae37ad9db78b77243.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8

Network


Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 8412be369fb1f78129eb87867a3ce132
SHA1 39177987ca13e91427e152081cbd434cd91abc6f
SHA256 ddf7788c6d3cecc69c3a8eb95c5a2454be76603414e671404ff9f7a4fbe95214
SHA512 6837b265a0a82526fb90cdcb9f35e2d1c15d9966960a30b17f96fd9a04b29a997fafcb6979144cec0a8d7b67814a2348d98a41d5baad8e3c01b7d9510e6515ee

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 1b9b8ee6274f6262bb26da79d42c4dfd
SHA1 2a487970f800356b97742d9d746d567e9e19cbd7
SHA256 c7475e9b7f1b2c476ecebd0a11f0c7e25a756ef45018499e7f9365e17479d987
SHA512 e87ce90e7b47e864d216d10338aae0e4051ef4086bfbbe12610f9126a0a88fd92f662e7cb971bfd50cc207026cf01d3001664046ccf48ec94c2fa6eeb179061f