Malware Analysis Report

2024-12-07 10:21

Sample ID 241113-avv3gstemd
Target 90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253
SHA256 90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253

Threat Level: Likely malicious

The file 90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4002) files with added filename extension

Renames multiple (5022) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 00:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 00:32

Reported

2024-11-13 00:35

Platform

win7-20240708-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe"

Signatures

Renames multiple (4002) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe

"C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 87b1f5539f09f6fdbea12f25689b781f
SHA1 ad63e7eda393a076bfe81add708ad1782cd76504
SHA256 39a48d62d655d34a6b7d619c110c1410bbb7b03e420ff305e7ca6edc95a9eff2
SHA512 8bb3560895fe2ebf3dc724493defc9c056f96f3aad3d66775a2dd406689888aac281ccc7745aca03735fe7029596581a363310d4f69366b4a4e3a016814734c6

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 ac537aa6ce3c6ba910c79bfd9a94057a
SHA1 031f5e114116c33147168dd1122cc6591ef8782e
SHA256 149a92b8bfbea55f757eadba8823c6817802e1e9b064420d7024d1ef1cbfbfe5
SHA512 c457293a80e014f79ac1640d6d7102f3a5d67eaf15fe07f481f5504cf07df5186b3f39c3ea19e85b71b358ec6fe66331ea322b7abf135fdcc2e3ea6009fc13e3

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 00:32

Reported

2024-11-13 00:35

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe"

Signatures

Renames multiple (5022) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe

"C:\Users\Admin\AppData\Local\Temp\90e2c80d250a456b06a8e92f97b05026b1da442ec397b7fc3d9f788e89bdb253.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 32d5db882ac4589313df6388735c7789
SHA1 930c31d43e4e2aa899cb0031594b7680065078dd
SHA256 bb431eb9114748abf123c7b8670ebaf52b0727ba2f2563b645acf92016870d2e
SHA512 430f72e6f6830b19064497a38ac3c5be947255b6d3b66ca3810b92bdac045bd3158a336e7f34b36412cb26cc1f9603676a94dcadbfd91fe2cd4f95ee13bd1384

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 90d91f599da595e550cd2085447f7abc
SHA1 17e47fca7feef919af718c5a428e5d797ee7931d
SHA256 d7f66a7bf2c8a256d9c5aa827f486f41272ada05e8b4a5bbd1453d8a537d6a37
SHA512 eb60809b893597bf0b5de963b078836b3545d56e8da62fbced49e473fad36688a6a4330840351fbf086be2ae566627402f95276eac485bca039d4cd11dbd573e