Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-vnj2vs1gpl
Target 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N
SHA256 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731

Threat Level: Likely malicious

The file 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple files with added filename extension (3760 in behavioral1, 4870 in behavioral2)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 17:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 17:08

Reported

2024-10-20 17:10

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Signatures

Renames multiple (3760) files with added filename extension

ransomware

Drops file in Program Files directory (64 of the created files are listed below; each is an existing file's path with .tmp appended, consistent with the sample writing its output beside every original it processes)

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\xlsrvintl.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\bin\libxslt.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

This key holds the installed system language. Ransomware commonly reads it to decide whether to proceed on a given locale; the report records only that the key was opened, not the value returned or any decision made on it, so this run alone does not tie the check to any particular excluded region.

Processes

C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 43241c58e6b606a7da86b81f018937cb
SHA1 3538c57dd1e479de6ad3f961fc994acf10d41c73
SHA256 1b978b7243719310eca21e6c1aaab5842b63dba79fd4b4666039cfb2fab06262
SHA512 17c015bde45a6182bba7c348d6ab200fd22b749e7803e1d7066a10975327a48fdeabb2a21a5543471448dbab7880eba33404cff8147898c8762f5f1e434fc3a3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b2e2912962f3670db37ef0b367e8adaa
SHA1 fbd31e8741d677bf4994acb3a5b84a36d0416bb9
SHA256 4c113ea41b45a2265f164b63ecedcdeb647d85fbe4c1d34759977517b32d4c0f
SHA512 d9b612838d10969583d475dbf7ae8acbe15918dec6b51f1a7372f8938e5428afe024fa87e80be47baf784a6aaac40d946ed33e5d8ac45b59af864e0faa4415a0

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 17:08

Reported

2024-10-20 17:10

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Signatures

Renames multiple (4870) files with added filename extension

ransomware

Drops file in Program Files directory (64 of the created files are listed below; each is an existing file's path with .tmp appended, the same pattern as in behavioral1)

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Google\Chrome\Application\initial_preferences.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
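Both behavioral runs above show the same pair of observables: thousands of .tmp files written beside originals under Program Files, and one read of the NLS\Language key. A detector that correlates the two per process, added here as an illustration and not the sandbox's own signature logic, looks like this in Python. The event tuples are constructed from rows in this report (plus one made-up benign write by msiexec.exe), and the threshold, extension-share ratio and flag names are this example's own choices:

```python
"""Staged ransomware-behaviour detector over sandbox-style events.

Added example, not the sandbox's signature logic. Input events are
(event_type, process, detail) tuples constructed from rows in this report
plus one constructed benign event; thresholds and flag names are this
example's own choices.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

PROTECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
# Registry paths that expose the installed system language (ATT&CK T1614.001).
LANGUAGE_KEYS = {
    "\\registry\\machine\\system\\controlset001\\control\\nls\\language",
    "\\registry\\machine\\system\\currentcontrolset\\control\\nls\\language",
}
MASS_WRITE_THRESHOLD = 5   # deliberately tiny for the constructed sample; tune on real telemetry
UNIFORM_EXT_SHARE = 0.9    # share of writes that must carry the same final extension


def in_protected_root(path):
    return path.lower().startswith(PROTECTED_ROOTS)


def has_added_extension(path):
    """True for 'libjpeg_plugin.dll.tmp': an extension appended to a name that
    already had one. Names without an original extension ('initial_preferences.tmp')
    are missed, so this count is a floor, not the full total."""
    return len(PureWindowsPath(path).name.split(".")) >= 3


def analyse(events):
    """Return {process: summary} with a verdict per process."""
    stats = defaultdict(lambda: {"protected_writes": 0, "added_ext": 0,
                                 "extensions": Counter(), "language_key": False})
    for kind, process, detail in events:
        s = stats[process]
        if kind == "File created" and in_protected_root(detail):
            s["protected_writes"] += 1
            s["extensions"][PureWindowsPath(detail).suffix.lower()] += 1
            if has_added_extension(detail):
                s["added_ext"] += 1
        elif kind == "Key opened" and detail.lower() in LANGUAGE_KEYS:
            s["language_key"] = True

    out = {}
    for process, s in stats.items():
        ext, top = (s["extensions"].most_common(1) or [("", 0)])[0]
        mass = (s["protected_writes"] >= MASS_WRITE_THRESHOLD
                and top / s["protected_writes"] >= UNIFORM_EXT_SHARE)
        flags = []
        if mass:
            flags.append(f"{s['protected_writes']} files written under Program Files, {top} ending in {ext}")
        if "\\appdata\\local\\temp\\" in process.lower():
            flags.append("executable runs from the user's Temp directory")
        if s["language_key"]:
            flags.append("opened the NLS\\Language key (T1614.001)")
        out[process] = {**s, "extensions": dict(s["extensions"]), "top_extension": ext,
                        "flags": flags,
                        "verdict": "ransomware-like" if mass else "no mass-write pattern"}
    return out


SAMPLE_PROCESS = r"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"
BENIGN_PROCESS = r"C:\Windows\System32\msiexec.exe"   # constructed, not in the report
NLS_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"

SAMPLE_EVENTS = [  # paths taken from the report's tables; the last row is constructed
    ("File created", SAMPLE_PROCESS, r"C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp"),
    ("File created", SAMPLE_PROCESS, r"C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp"),
    ("File created", SAMPLE_PROCESS, r"C:\Program Files\7-Zip\Lang\nl.txt.tmp"),
    ("File created", SAMPLE_PROCESS, r"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp"),
    ("File created", SAMPLE_PROCESS, r"C:\Program Files\Google\Chrome\Application\initial_preferences.tmp"),
    ("File created", SAMPLE_PROCESS, r"C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp"),
    ("File created", SAMPLE_PROCESS, r"C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp"),
    ("Key opened", SAMPLE_PROCESS, NLS_KEY),
    ("File created", BENIGN_PROCESS, r"C:\Program Files\7-Zip\7z.dll"),
]

if __name__ == "__main__":
    for process, summary in analyse(SAMPLE_EVENTS).items():
        print(PureWindowsPath(process).name, summary["verdict"], summary["flags"])
```

On the constructed input the sample process is flagged on all three counts and the benign process on none. has_added_extension() misses names that had no extension to begin with (initial_preferences.tmp in behavioral2), so added_ext is only a floor; the verdict therefore keys on the uniform final extension across all protected-directory writes, which counts both kinds. The $Recycle.Bin write is deliberately outside the protected roots and is ignored here; a production rule would add the user profile and fixed-drive roots as well.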

Processes

C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp

Every UDP row is a DNS query to 8.8.8.8: eleven are reverse (PTR) lookups of public addresses and one resolves tse1.mm.bing.net, the only host the five TCP connections reach (150.171.28.10:443, a Bing/Microsoft endpoint). No process is attributed to these flows and nothing in them looks like command-and-control traffic; treat them as Windows 10 background activity unless the sample is shown to be their origin.
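To check what the table actually contains, the Python below (an added example, not sandbox code) parses the rows as written, turns each in-addr.arpa name back into the address that was reverse-resolved, and tallies the non-DNS flows per destination. The row text is copied from this table; the helper names and the summary layout are this example's own:

```python
"""Summarise a sandbox Network table (added example, not sandbox code).

NETWORK_ROWS is copied from the behavioral2 table of this report; the
parsing and the PTR-to-address reversal are this example's own helpers.
"""
import ipaddress
from collections import Counter

NETWORK_ROWS = """\
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
"""


def ptr_to_ip(name):
    """'28.118.140.52.in-addr.arpa' -> '52.140.118.28'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_rows(text):
    """Each row is 'Country Destination Domain Proto' separated by whitespace."""
    rows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = line.split()
        host, port = dest.rsplit(":", 1)
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def summarise(rows):
    """Split DNS into reverse (PTR) and forward lookups; tally other flows per destination."""
    ptr, forward, flows = [], set(), Counter()
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            ip = ptr_to_ip(r["domain"])
            if ip is None:
                forward.add(r["domain"])
            else:
                ptr.append(ip)
        else:
            flows[(r["host"], r["port"], r["domain"], r["proto"])] += 1
    contacted = {host for (host, _, _, _) in flows}
    return {
        "ptr_lookups": ptr,
        "forward_lookups": sorted(forward),
        "flows": dict(flows),
        # addresses the OS reverse-resolved but never actually connected to
        "resolved_not_contacted": sorted(set(ptr) - contacted, key=ipaddress.IPv4Address),
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(summarise(parse_rows(NETWORK_ROWS)))
```

The summary makes the shape of the capture explicit: eleven reverse lookups whose recovered addresses are never contacted, one forward lookup, and five TCP connections to a single Bing host. The recovered addresses are the right input for an allow-list or ASN check, but none of them is a destination in this report.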

Files

The hashes below belong to the sample's .tmp output. The desktop.ini.tmp hash recorded here (MD5 f5bd9b3d3db7f1fa9e6cc81504c3d69d) differs from the one in behavioral1 (MD5 43241c58e6b606a7da86b81f018937cb), so these values are run-specific and not reusable as indicators; the durable indicators are the naming pattern (original name with .tmp appended) and the write locations ($Recycle.Bin and Program Files here, MSOCache in behavioral1).

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 f5bd9b3d3db7f1fa9e6cc81504c3d69d
SHA1 26d776fdc26025a27b47de50d99b238d9700de90
SHA256 9fa32cbedbf4ca40d0886a5437edc58aff212c7f18445756a28dd0d825137605
SHA512 9dff7072f84dce42a3978af54ac0ccd21cba438eccaaadd4306750ba7a901860c7d7a0a589e9fd4c12356297056da21cf9db83b2325f8a84c7d394e7508021fe

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 44fa609d3a36626b2c6d0faebb2ee2ee
SHA1 18c4b9bf3a055a297a8e5b06696c608bc88a1bea
SHA256 3cc92ca357c6fe5aecdeeeafbdb3fac4fd601b3d3d1789aee4cc7a3b13b56ea0
SHA512 04559b9ea5d54966121ab30f4c1ff69a7c7bfabbf88512b3603c555241e5a116829bb5baa1114089347c6232a6c1e1fb64551413d5114c6b2086d4a37a0df3e0
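Both Files sections hash the .tmp files but show no contents, and the hashes change between runs, so a practitioner triaging a live host wants a content-level check instead. The Python below, added here and not part of the report, compares byte entropy and size of a suspected encrypted sibling against a known-good original. Both inputs are constructed: a desktop.ini-like text and a toy SHA-256 keystream standing in for whatever the sample actually uses, with a 32-byte trailer appended because many families add one. Nothing about the sample's cipher or file format is known from this report:

```python
"""Entropy check for suspected encrypted output (added example, not from the report).

Encrypted or compressed data sits near 8 bits per byte; text, XML and most
binaries sit well below. The inputs here are constructed stand-ins: PLAIN
approximates a $Recycle.Bin desktop.ini, and toy_encrypt() is a keystream
XOR that only imitates the statistics of encrypted output.
"""
import hashlib
import math
from collections import Counter

PLAIN = (b"[.ShellClassInfo]\r\n"
         b"CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"
         b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n") * 40


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5, min_len: int = 256):
    """None when the input is too short for a stable estimate, else a bool."""
    if len(data) < min_len:
        return None
    return shannon_entropy(data) >= threshold


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """SHA-256 counter-mode keystream XOR. A stand-in for encrypted output in
    this example only; not a cipher to use for anything real."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def compare(original: bytes, candidate: bytes) -> dict:
    """Side-by-side figures an analyst would record for an original/.tmp pair."""
    return {
        "original_entropy": round(shannon_entropy(original), 2),
        "candidate_entropy": round(shannon_entropy(candidate), 2),
        "candidate_looks_encrypted": looks_encrypted(candidate),
        "size_delta": len(candidate) - len(original),
    }


# Constructed "encrypted sibling": ciphertext plus a 32-byte trailer, since many
# families append a key blob or marker to every processed file.
ENCRYPTED = toy_encrypt(PLAIN, b"constructed-key") + hashlib.sha256(b"trailer").digest()

if __name__ == "__main__":
    print(compare(PLAIN, ENCRYPTED))
```

A high entropy alone does not prove encryption (a .jar or .png original is already compressed), which is why the comparison pairs each .tmp with its original and records the size delta: a text original that becomes near-8-bit output and grows by a constant number of bytes is the pattern worth escalating, while a compressed original tells you nothing from entropy alone.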