Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-evhjlsweln
Target b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN
SHA256 b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55b
Tags
discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55b

Threat Level: Likely malicious

The file b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3261) files with added filename extension

Renames multiple (4579) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 04:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 04:15

Reported

2024-10-16 04:17

Platform

win7-20240708-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"

Signatures

Renames multiple (3261) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe

"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 cfaa8fa85f3c5be1b4e9e967dc8082ba
SHA1 86923170b13de8b80fdad1c1bde548ca57ac580c
SHA256 cc1925e5b0923ff0997ef47088a42b2c917fe8f02943d7f960fe3ea8a1410e87
SHA512 f27831be331f69067a893b43fde14e87a5b432438d76c4f7b58710d953f76d69d07789b1fa891a3b51cbb981ae81ca63e6a84f9cade87a67287e84b64581695d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1427a99c2901c59cafe4c74720ce8847
SHA1 06f8b550b46fd79ff521640b24fd9340cf976bc7
SHA256 230f824989117e7baae6a958673d90af18442f653b2c6e80c692dae282cac19f
SHA512 9944634ea52f3e748234ceea5771154176890a29c29afa6e33502ac8a7978580b4bb77e873e01e69e5e5faf06d04b8b9d7f01ef217f42bb39bb2310a090d3d41

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 04:15

Reported

2024-10-16 04:17

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"

Signatures

Renames multiple (4579) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe

"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 d164f10bbbf2e591b31ab282ba763ddf
SHA1 071dc485944392b44d03ca60c4a8d58561cb3b8a
SHA256 8638317671de04e1f6147e09041a9e61a3e62b6ddbcd9fce394ac531ea737d8c
SHA512 cfd6c90089bafae615ad7e040084723208d826c49c6641f6c0c8541e71c17017c2d765f2cd0bce636060805ed13869685146a80ac82d0337ca98f76250346ce7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0ead92bc79597c14eabb5e9d48687b8e
SHA1 76239e452ede6d79255309fec1f8989ce943ece7
SHA256 d17d5e2cfc3d58b0d83c0d4d310772ee8b6c4890a306da475ffba1a8bcae004b
SHA512 43d010fd20f07e6115842771ac838a77ed5f4f8dbb3f2e538f2fb27d043dbb947ee3f0499b7780f058ecfa470a9f2a03f8b129350ae45d16704cbfd9aee6e37c