Malware Analysis Report

2025-03-15 08:22

Sample ID 241021-at1ata1ckq
Target baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N
SHA256 baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55

Threat Level: Likely malicious

The file baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple files with added filename extension (2789 files in the Windows 7 run, 4135 in the Windows 10 run)

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 00:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
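The only static finding is that the sample carries no Authenticode signature. As an added example that is not part of the report or of the sandbox's own rule set, the Python below shows what that check amounts to: walk the PE headers to data directory 4 (the Attribute Certificate Table) and test whether it points at a WIN_CERTIFICATE. build_pe() constructs a minimal header-only PE for the demonstration; the placeholder certificate bytes are not a real PKCS#7 blob. Presence of a certificate table is all an "Unsigned PE" signature measures: a self-signed, expired or tampered binary passes this test and still fails signtool verify or Get-AuthenticodeSignature, so treat the signature as a triage hint, not a trust decision.

```python
import struct
from typing import Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory holding the Attribute Certificate Table
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # Authenticode: PKCS#7 SignedData


def security_directory(pe: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the certificate table, or None if empty.

    MZ header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header -> data
    directory 4.  Unlike every other directory, its first field is a raw file
    offset rather than an RVA, because the table is never mapped into memory.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:            # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", pe, ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or dirs_off + 8 * ndirs > opt + size_of_optional:
        return None               # directory absent, or header claims more directories than it has room for
    offset, size = struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (offset, size) if offset and size else None


def is_signed(pe: bytes) -> bool:
    """True if a plausible WIN_CERTIFICATE is attached.

    This is all a static 'Unsigned PE' signature measures.  It does not check
    that the PKCS#7 blob verifies, that the certificate chains to a trusted
    root, or that the signer is who the file claims to be.
    """
    loc = security_directory(pe)
    if loc is None:
        return False
    offset, size = loc
    if size < 8 or offset + size > len(pe):
        return False              # table points outside the file: truncated or tampered, treat as unsigned
    length, revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    return length <= size and revision == WIN_CERT_REVISION_2_0 and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA


def build_pe(cert: Optional[bytes] = None, pe32plus: bool = False) -> bytes:
    """Constructed header-only PE for the demonstration (not a real binary).

    When cert is given it is wrapped in a WIN_CERTIFICATE appended after the
    headers and data directory 4 is pointed at it, as a signing tool would do.
    """
    opt_size = 240 if pe32plus else 224             # 96/112 fixed bytes + 16 directories * 8
    e_lfanew = 0x40
    header_end = e_lfanew + 4 + 20 + opt_size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)  # IMAGE_FILE_EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    ndirs_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, ndirs_off, 16)
    blob = b""
    if cert is not None:
        # WIN_CERTIFICATE: dwLength, wRevision, wCertificateType, bCertificate[]
        blob = struct.pack("<IHH", 8 + len(cert), WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert
        struct.pack_into("<II", opt, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_end, len(blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + blob


if __name__ == "__main__":
    unsigned = build_pe()
    signed = build_pe(cert=b"\x30\x82" + b"\0" * 30)   # placeholder bytes standing in for a PKCS#7 blob
    print("unsigned PE :", is_signed(unsigned))        # False
    print("signed PE   :", is_signed(signed))          # True
    print("truncated   :", is_signed(signed[:-4]))     # False: table runs past end of file
```

The truncation branch matters in practice: a certificate table whose offset or size runs past the end of the file is a common sign of an appended or stripped overlay, and parsers that skip that bounds check can be made to read out of bounds.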

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 00:30

Reported

2024-10-21 00:33

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"

Signatures

Renames multiple (2789) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe

"C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 4e64e039c92286ea5b570083d2f2741d
SHA1 41135158d3aa8c08536447b8de5a2d9f3f103053
SHA256 bc707ab44c59e6879ab8967a35de432798b4a4cbed19e4d7cc2638bb287d71d7
SHA512 fe634d4773d66c5bf8a6c9753abdbc213e7458c989b7c65c7d79f27768489ee8d21e97c06933d30c3163d3eff74f3bc4d4020ca299b7acdf497f2dd428220bc6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 27be7056c188978759e406a8dc83b8ee
SHA1 f98d1d2225b84995d3aee039ee3c31add969b57a
SHA256 e8ec767eef13d64e2c8be3fc5d580623954635c5f337a2f4a1f6a4a45173e162
SHA512 04ac391fc14aa06fd85161263c6821c7f9aabcae963c232fc3b86c8152e4a24c3997d2924ac89e43004e1f093ab435e905ce73db07a7214d445b663fba61e24b

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 00:30

Reported

2024-10-21 00:33

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"

Signatures

Renames multiple (4135) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe

"C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
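This table has no process column, so none of these connections is attributed to the sample by the report. Eleven of the twelve DNS queries are PTR lookups against 8.8.8.8, the remainder is tse1.mm.bing.net (a Microsoft host a stock Windows 10 image contacts on its own), and the Windows 7 run produced no traffic at all. The Python below, an added example rather than part of the report, takes the rows above, decodes the in-addr.arpa names back to the addresses the guest was trying to name (the values an analyst would run through whois or ASN data), and buckets everything else against an allowlist of background hosts. That allowlist is the analyst's assumption, not something the report states; anything left in the `unexplained` bucket is what would need process-level attribution before being called C2.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Sequence, Tuple

Row = Tuple[str, str, str, str]   # (country, destination, domain, proto)

# Rows copied from the behavioral2 Network table.
NETWORK_ROWS: List[Row] = [
    ("US", "8.8.8.8:53", "133.211.185.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "88.210.23.2.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "14.160.190.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "97.17.167.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "154.239.44.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "50.23.12.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "171.39.242.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.210.232.199.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "11.227.111.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "tse1.mm.bing.net", "udp"),
] + [("US", "150.171.27.10:443", "tse1.mm.bing.net", "tcp")] * 5 + [
    ("US", "8.8.8.8:53", "26.35.223.20.in-addr.arpa", "udp"),
]

# Assumed analyst allowlist of hosts a stock Windows 10 image talks to unprompted.
# The report makes no such attribution; the analyst has to.
BACKGROUND_HOSTS = {"tse1.mm.bing.net"}


def ptr_to_ip(name: str) -> Optional[str]:
    """'133.211.185.52.in-addr.arpa' -> '52.185.211.133'; None for anything else.

    PTR names carry the octets reversed, so a reverse-DNS line in a sandbox log
    tells you which address the guest was trying to name, not a hostname it
    wanted to reach.
    """
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None                # e.g. an octet above 255


def classify(rows: Sequence[Row]) -> Dict[str, List[str]]:
    """Bucket rows into reverse lookups, allowlisted background hosts and unexplained."""
    buckets: Dict[str, set] = defaultdict(set)
    for _country, dest, domain, proto in rows:
        ip = ptr_to_ip(domain)
        if ip is not None:
            buckets["reverse_lookups"].add(ip)
        elif domain.lower() in BACKGROUND_HOSTS:
            buckets["background_hosts"].add(f"{domain} -> {dest}/{proto}")
        else:
            buckets["unexplained"].add(f"{domain} -> {dest}/{proto}")
    return {name: sorted(items) for name, items in buckets.items()}


if __name__ == "__main__":
    for bucket, items in classify(NETWORK_ROWS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run against the report's rows the `unexplained` bucket is empty, which is the honest summary of this section: the Windows 10 run shows background resolver and Bing traffic and no connection the report ties to the sample. A ransomware family with a C2 or key-exchange server would normally leave a forward lookup or direct TCP connection here, so its absence is itself a data point worth recording alongside the file-system findings.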

Files

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 678a39e098b2e9ce860b577e234c0148
SHA1 79f4b47c13c630a8de989ae56175b0d11e1a7047
SHA256 40ad2cdb4768f0f1ddf42a0e115ff2da5f275a6fdabcd804f997eb949c49e3a8
SHA512 712f6eaf40d7e6d4eecce870712d5c949cc4547b00bf0d87d7a8239b35db3da469bf360c2f9fae0027add3b3e3178274942bbe6b9a68a94148ada06089c2adc2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 fba159705ec1bd6b6bb11c2474eac5e8
SHA1 a17fdca5647360b845f258d11070b274a76070f5
SHA256 9c06949b767276b2b068f73e71550c270f0435922a2364208588858e8e52b70c
SHA512 a53d992bccc7eca6eccb79ee4346e90192ef4e838742c4f822e0e8499eb63937fd35c70328fccbbc5f7daea63f6105a23f6e1eb0ebfcd813131b760b99a08821