Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lbk9qaxakr
Target 27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N
SHA256 27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338

Threat Level: Likely malicious

The file 27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3283) files with added filename extension

Renames multiple (4656) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:21

Reported

2024-10-06 09:23

Platform

win10v2004-20240802-en

Max time kernel

119s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe"

Signatures

Renames multiple (4656) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe

"C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

MD5 dff12503593227086c700457077ec3f8
SHA1 25d1a4cc738eac315599b3e999ff6c4e24bd8283
SHA256 59c3f9787df5d06a2ad496325fea27132e867e325d7d01a575ec0cd31937063d
SHA512 c100ac2aee49b2a147c5baba801604bdecd198ff1419176cdc3ad956e82e63438781e12c7cab621a1c105b6cefea5caf17ef571eb872d12f4fe806396f02c1cc

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f97ad6ed1f28ddc5970497ebd015a82d
SHA1 527fe0b6af3d349a47502369e6eee3b78f042a68
SHA256 37f5fbd86f1efe3da7713a066f1d62555d9a5f02a451ca8d5d2688fbf81900aa
SHA512 d83d7b1d159fd9dcbb15cb00a134d97c697f1f59040fed86b0bcf47f656d9c782384ac4c0f7d4c21a152c45f67affe1baa03df12c930d04f14447b3d311f8be1

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:21

Reported

2024-10-06 09:23

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe"

Signatures

Renames multiple (3283) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\7-Zip\Lang\lt.txt.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Mozilla Firefox\firefox.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\OutTest.mov.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe

"C:\Users\Admin\AppData\Local\Temp\27ac6967b84a82c4f4810c080137d98273dd4159e70fbdb6a7b5e9900c379338N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 19dbe28af573d3fad6203aee883ea584
SHA1 37c825474572026a1d5736c548ea2bbaaeb924fd
SHA256 03848c079d21d025075b54f331faf1e0c3a13f665528610bb93d8ba18e92f6f5
SHA512 bde8a02937930a2cb4fb6c9cfd59e38cc0a54c82e9e5394ec703127e6b2cd989f9421d329f6d6440e20b84fdc34a411f7b2662e2445cfeeeadff76b3cac8aaff

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b5cbd91b1d608a028de87c3a046d45c4
SHA1 cac648986cadf3c889c31e5c0140377c26cd0ca9
SHA256 f066330a738fcdf601ad41950fc7d7303c93b721f5520539df9ef79ccf2c2cfb
SHA512 b4aa2f22d091dc9f673322ac59091d400ccf1d8c2da15f36841dfc7e242a71ab318b7d1931c209b3a4aef41ef5dac1c0251ce9b03454f9128f182b3e0bb11915