Malware Analysis Report

2025-01-22 19:57

Sample ID 241016-waxw8sseqf
Target 22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N
SHA256 22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6

Threat Level: Likely malicious

The file 22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3432) files with added filename extension

Renames multiple (5032) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 17:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 17:43

Reported

2024-10-16 17:46

Platform

win7-20240903-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe"

Signatures

Renames multiple (3432) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre7\bin\hprof.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\System\DirectDB.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe

"C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 46e109343ace21a2edccea149b9854ab
SHA1 4fd14f844cfae1f2b131cfcc23228c62b3a91261
SHA256 e4a78a6a5b7ceeefae6c01f59420b457d007ae65645048587a6e5cc79ae82874
SHA512 c92be265a2b49ecbafb814fb3635692f7e062bd4a5351ce1890da4d26c79a0ddd6c668aaa89b582cca63885bd9ab3f38067be6a9b97bf7130cefae576520c60a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fc73d7b70b57d4afd3ddf4064b5e70c8
SHA1 59b0cd3ad047ead315ac79942f8317fbb8208efa
SHA256 6e2b2a0a10fcc09e3ff71d8e269e3f769c312737e2d73bf7d17827097deb60f5
SHA512 b34ade64d8bc3c916a2f001d9950a0e140c9cc03a873a9189dad5ab1f5fcd1b890c1f278f1862a46b2fb5e73793a2505e6517da18b04b76898df4cc660222a32

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 17:43

Reported

2024-10-16 17:46

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe"

Signatures

Renames multiple (5032) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fr.pak.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe

"C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 bd2671e08620db37b3c2a9947e24e763
SHA1 03d07d096cf836f8156dd1417d1489f458b9ea8d
SHA256 046a94f07bff1dcfeeea7c8872595b6a959b216061f8684c58604a88ac7ab524
SHA512 094a3ceef4b7d616bd4bffd0e8094a1c6b19a7f1d82967c13d34145bc56af2e2e840beb7518ad024189132e1e82ac3ffc28db94af7cc08c71c9a586dcec1df6e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f23e14c4e5eb090745c93e50274a4280
SHA1 62a47ac18d3405ce5f62cd0555c789b9d7630dab
SHA256 e3aa1641ec0c8ecff29c55c11e15f034c28e32eca32a34304959c1e694555832
SHA512 5b61c5843e1e3234c6fec75411e86934a27c7c146b4c5faf62441007426443036f7a73291861a83c7c2f2db741b11a4aa16e9b9297718bd0f0339baf8349e431