Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lvbvdssanf
Target 0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN
SHA256 0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2e
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2e

Threat Level: Likely malicious

The file 0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3165) files with added filename extension

Renames multiple (4665) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:50

Reported

2024-10-06 09:52

Platform

win7-20240704-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe"

Signatures

Renames multiple (3165) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe

"C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

MD5 5516211141c02b856fcec9c248e6982f
SHA1 3ccd3854cfe03f6d138f5f5535a518ea8bd428df
SHA256 6775d3f08adb8fd2c4d5b0f96eb6ddc911b8f17c4ff4e469f92a278ba3055dcc
SHA512 8c20ad8022d6575c792f5542ef7c5d96f126fd4a9e869f627bfc6602f27ffa9fd1d668ccc374e42ecf60081d160692f0484809164ce3133f7ab0f523fcbecf02

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 46c4d801e7fb35f83407c5a2ac147134
SHA1 2a8f053490406638e038a17c3b716dd509878fb8
SHA256 b6add711f4c64ad32915272c945b629f025ca7bfb7f33d1427df15e93cd612dd
SHA512 65ab151ef9a6c5c174be864fd4540c1ac2c090d8f279b162f43c5a875c2048733595d8718e00b598cf154b03515d39307af8c4c72c549667c072db4c29819e21

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:50

Reported

2024-10-06 09:52

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

112s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe"

Signatures

Renames multiple (4665) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe

"C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

MD5 96c739801cd9ad224b51fa0137c69350
SHA1 f9808ac23bcda5d3b466010a5c91bfb8d619a4a0
SHA256 8efcf69d87f9e8998267985ddb47653db8b397d0d5938cb3c69be05b36829695
SHA512 5f7caf84a628fb8002a566d9020e2802af759f841536909af707be833c299ec9033c90777a03298b39e7fac20a7a135d4c7a278528ccb083ac693963aab8854d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e604ea9c86b19df3987a7d5ad0215f60
SHA1 1752ec836d15886cf6b98f857a7f3dfa4a4e2729
SHA256 4605a8931e4c255560d136d2815b0bc548cf81a598ac9a90545e8c7e9ad85cf0
SHA512 7ae0c305cd09e930667c360e2d00353749c77f476d347442d9fc835fcdd2347b2d01133663db6bc3e06d55d2cb13a2fc8bc6a89265d83c93e5769cb8d6009de2