Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-b6fbva1gje
Target 390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N
SHA256 390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58
Tags discovery, ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10
SHA256 390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58
Threat Level: Likely malicious

The file 390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3261) files with added filename extension (behavioral1, Windows 7)
Renames multiple (4640) files with added filename extension (behavioral2, Windows 10)
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery

The two rename counts come from the same binary detonated on two images, so the difference reflects how many files each image had to offer, not two distinct behaviours. Every "Drops file" indicator below is an existing application file with .tmp appended to its name, which is consistent with an encryptor writing its output beside each original rather than with a payload being dropped. The only discovery behaviour recorded is a read of the system language key, a check ransomware commonly uses to exclude machines in particular locales. No network activity is attributed to the sample process in either run.
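The rename signature and the two supporting indicators above are heuristics over process events, so here is a small detector that reproduces them. This is an added example written for this report, not sandbox code: the Event shape, the 25-rename threshold and the ".locked" suffix used in the constructed input are assumptions, and the report never states which extension the real sample appends.

```python
"""Mass-rename-with-added-extension detector (added example; not sandbox code).

Replays constructed file and registry events and reproduces three of the
report's signatures per process:
  - Renames multiple (N) files with added filename extension
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
Assumptions: the Event shape, the 25-rename threshold and the ".locked" suffix
used in the constructed data; the report states none of these."""
from __future__ import annotations

import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass

RENAME_THRESHOLD = 25  # assumed cut-off; the report does not give the rule's threshold
LANGUAGE_KEY_SUFFIX = "\\control\\nls\\language"  # HKLM\SYSTEM\...\Control\NLS\Language


@dataclass(frozen=True)
class Event:
    kind: str           # "create", "rename" or "regopen"
    pid: int
    image: str          # process image path
    path: str           # created file, rename source, or registry key
    new_path: str = ""  # rename destination; empty for other kinds


def added_extension(old_path: str, new_path: str) -> str | None:
    """Return the suffix appended to the file name when new_path is old_path plus
    ".<suffix>" in the same directory, else None.

    Changing an extension (report.docx -> report.pdf) or moving the file to another
    folder is not counted. Multi-token suffixes such as ".id-ABCD.[mail].locked" are
    counted, because many ransomware families append more than one dotted token."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if len(new_name) <= len(old_name) + 1:  # nothing (or only a dot) was appended
        return None
    if new_name[: len(old_name)].lower() != old_name.lower():
        return None
    if new_name[len(old_name)] != ".":
        return None
    return new_name[len(old_name) + 1 :]


def score_processes(events: list[Event], threshold: int = RENAME_THRESHOLD) -> list[dict]:
    """Aggregate events per PID and emit one finding per process."""
    per_pid = defaultdict(lambda: {"image": "", "renames": 0, "exts": Counter(),
                                   "tmp_in_program_files": 0, "language_query": False})
    for ev in events:
        rec = per_pid[ev.pid]
        rec["image"] = ev.image
        p = ev.path.lower()
        if ev.kind == "rename":
            ext = added_extension(ev.path, ev.new_path)
            if ext is not None:
                rec["renames"] += 1
                rec["exts"][ext.lower()] += 1
        elif ev.kind == "create" and p.startswith("c:\\program files") and p.endswith(".tmp"):
            rec["tmp_in_program_files"] += 1
        elif ev.kind == "regopen" and p.endswith(LANGUAGE_KEY_SUFFIX):
            rec["language_query"] = True

    findings = []
    for pid, rec in sorted(per_pid.items()):
        signatures = []
        if rec["renames"] >= threshold:
            signatures.append(f"Renames multiple ({rec['renames']}) files with added filename extension")
        if rec["tmp_in_program_files"]:
            signatures.append("Drops file in Program Files directory")
        if rec["language_query"]:
            signatures.append("System Location Discovery: System Language Discovery")
        top_ext = rec["exts"].most_common(1)[0][0] if rec["exts"] else None
        findings.append({"pid": pid, "image": rec["image"], "renames": rec["renames"],
                         "added_extension": top_ext, "signatures": signatures,
                         "ransomware": rec["renames"] >= threshold})
    return findings


def constructed_events() -> list[Event]:
    """Constructed input (not from the report): one process that behaves like the
    sample and one benign process. Paths are illustrative; ".locked" is made up."""
    mal = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
    benign = r"C:\Windows\explorer.exe"
    victims = [rf"C:\Program Files\VideoLAN\VLC\locale\loc{i}\vlc.mo" for i in range(30)]
    events = []
    for v in victims:
        events.append(Event("create", 1234, mal, v + ".tmp"))  # working copy beside the original
        events.append(Event("rename", 1234, mal, v, v + ".locked"))
    events.append(Event("regopen", 1234, mal,
                        r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"))
    # Benign activity that must not count: an extension change, three in-place
    # backups below the threshold, and a move to another folder with a suffix.
    events.append(Event("rename", 5678, benign, r"C:\Users\Admin\Documents\report.docx",
                        r"C:\Users\Admin\Documents\report.pdf"))
    for i in range(3):
        events.append(Event("rename", 5678, benign, rf"C:\Users\Admin\Documents\notes{i}.txt",
                            rf"C:\Users\Admin\Documents\notes{i}.txt.bak"))
    events.append(Event("rename", 5678, benign, r"C:\Users\Admin\Documents\a.txt",
                        r"C:\Users\Admin\Desktop\a.txt.bak"))
    return events


if __name__ == "__main__":
    for finding in score_processes(constructed_events()):
        print(finding["pid"], finding["image"], finding["ransomware"], finding["signatures"])
```

The threshold is the part to tune: legitimate backup or build tools also append suffixes in place, which is why the benign process with three ".bak" renames stays below the line, and why a real deployment would key on the rate and on the number of distinct directories touched rather than on the raw count alone.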

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-20 01:45

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-20 01:45
Reported 2024-10-20 01:47
Platform win7-20240708-en
Max time kernel 119s
Max time network 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe"

Signatures

Renames multiple (3261) files with added filename extension (tag: ransomware)

Drops file in Program Files directory

Description: File created (every row)
Process: C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe (every row)
Target: N/A (every row)

Indicator
C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp
C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp
C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp
C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp
C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp
C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp
C:\Program Files\Java\jre7\bin\management.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe

"C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 9dbd95e63a49489a011e87864778d215
SHA1 1da0d12e0af8d318e7b57a3e77c2c34ee1c6eab8
SHA256 37f45d072db4766205feb3ade5bfb48f94cc5caebe1501bb3b9fdb614560e07a
SHA512 62e0a751ed86886b7c583a5d4dac6cf942efb4b543911fe0cacac56c6b31d76bea31def25b4b322db336f78d46d0c77b7c936aeef21b558b70529a2c4dc9b1a2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2ba5ff0a5d07ab95cb50cdac23b9a302
SHA1 0751dfb94144f08fd222bd6a449c653266a3c918
SHA256 47353791b6f5eac19e637e63aefad8069035be6ddeece46c5f111c9dd7f3af6f
SHA512 cba1c1d9a067c478ec93f91386a7b636eb59c9b72ef2d6a2688a928e4a296a2d46e02ab21bd6cd841537b1c0a11fd74210aa9cb37f919836ba04af88b98bea26

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-20 01:45
Reported 2024-10-20 01:47
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe"

Signatures

Renames multiple (4640) files with added filename extension (tag: ransomware)

Drops file in Program Files directory

Description: File created (every row)
Process: C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe (every row)
Target: N/A (every row)

Indicator
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp
C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp
C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp
C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ja.pak.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp
C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp
C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-GB.pak.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp
C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe

"C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp

None of these connections is attributed to a process. Reverse lookups of Microsoft service addresses and TLS sessions to tse1.mm.bing.net are consistent with the Windows 10 image's own background traffic, and the Windows 7 run recorded no network activity at all, so no traffic attributable to the sample was captured in either detonation.

Files

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 52956ff77a509d8bb8b6a59943201bbd
SHA1 0530e254d0e842d3420c9b2cf086e0266fc6fa3a
SHA256 a22d851c5e5e892e1bc9c8504feb42354e34c04bf6fa44fc2d6860bef0f95d95
SHA512 ec493f1168970559573fb732d5a00bc2d4bd3c692ff2fa2e9a93411be5552c8906cea38279daeee9731e823643e142767365d2e2d1262d126f165064f2db74bf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6e1ca9fccc0009e960ba63c588f35530
SHA1 18cdc2d2e965ab470ed1053d317acab099e34491
SHA256 7d0a21b997173fd7da59c9f350daa07487ba24c536edb10e7ae21356881253f8
SHA512 1df92a8bef8f25c01a47de81e858124f3ec80f7cddeb8ad953a7e8a2dfa98042198682ea8d5881e41e501be1b3012b4bd25c228b55b2d08dc0da9177c7403c46