Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3eve8svdpe
Target 739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647
SHA256 739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647
Tags
ransomware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647

Threat Level: Known bad

The file 739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647 was found to be: Known bad.

Malicious Activity Summary

ransomware upx

Renames multiple files with added filename extension (5303 files in the Windows 10 run, behavioral2; 3771 files in the Windows 7 run, behavioral1)

UPX packed file

UPX dump on OEP (original entry point)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:26

Signatures

UPX dump on OEP (original entry point)
No indicator details recorded (Description, Indicator, Process and Target all N/A).

UPX packed file (tag: upx)
No indicator details recorded.

Unsigned PE
No indicator details recorded.
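The three static signatures above are cheap to reproduce outside the sandbox. The following Python script is an added example, not part of the Triage report and not the sandbox's own detection code: it walks the PE headers with the standard library only, looks for the UPX section names and the "UPX!" marker, and checks whether the Authenticode security data directory is populated. The build_sample_pe() helper constructs a minimal PE32 image in memory (a stand-in for demonstration, not the analysed sample and not loadable by Windows) so the script runs offline; pass a file path to check a real binary.

```python
"""Static checks mirroring the static1 signatures: UPX section names,
the "UPX!" marker, and presence of an Authenticode signature directory.
Added example; standard library only.  build_sample_pe() is a constructed
stand-in image, not the sample from the report."""
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"          # left in the image by the UPX packer stub
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes):
    """Return (section_names, has_security_directory) for a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        n_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+
        n_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + n_dirs_off)[0]
    has_security = False
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        rva, size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        has_security = rva != 0 and size != 0
    table = opt + opt_size                       # section table follows the optional header
    names = [struct.unpack_from("8s", data, table + 40 * i)[0].rstrip(b"\0")
             for i in range(nsections)]
    return names, has_security


def triage(data: bytes) -> dict:
    """Reproduce the 'UPX packed file' and 'Unsigned PE' verdicts."""
    names, signed = parse_pe(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    marker = UPX_MARKER in data
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "likely_upx": bool(upx_sections) or marker,
        "authenticode_signed": signed,
    }


def build_sample_pe(section_names, upx_marker=True, signed=False) -> bytes:
    """Constructed stand-in: a minimal PE32 with the given section names."""
    opt_size = 224                                      # PE32 optional header incl. 16 data dirs
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if signed:                                          # populate the security directory
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names)
    tail = b"\0" * 16 + (UPX_MARKER if upx_marker else b"") + b"\0" * 16
    return dos + b"PE\0\0" + coff + bytes(opt) + sections + tail


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Both UPX checks are heuristics: section names and the marker are trivially patched out, which is why the sandbox's "UPX dump on OEP" (a memory dump taken once the unpacking stub reaches the original entry point) is the stronger evidence. An empty security directory only shows there is no embedded signature; catalog-signed files also report as unsigned here.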

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:26

Reported

2024-06-10 23:28

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe"

Signatures

Renames multiple (5303) files with added filename extension (tag: ransomware)
No per-file indicator rows are listed for this signature.

UPX dump on OEP (original entry point)
No indicator details recorded (four rows, all N/A).

UPX packed file (tag: upx)
No indicator details recorded (four rows, all N/A).

Drops file in Program Files directory

Description Indicator Process Target
64 rows shown. Every row has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe (the sample itself) and Target N/A, so only the Indicator (path of the created file) is listed below. Each indicator is the path of a pre-existing Program Files entry with .tmp appended.
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp
C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.tree.dat.tmp
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARAIT.TTF.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.White.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp
C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL.tmp
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\tt.txt.tmp
C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp
C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.boot.tree.dat.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe

"C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

The only traffic recorded is one UDP DNS query to 8.8.8.8 for 8.8.8.8.in-addr.arpa, a reverse lookup of the resolver's own address. The report does not tie it to a process, and a lone PTR query to a public resolver is background noise rather than an indicator of command-and-control; the Windows 7 run (behavioral1) recorded no network activity at all.

Files

memory/2372-0-0x0000000000400000-0x000000000040A000-memory.dmp (Triage naming: process 2372, mapped region 0x400000 to 0x40A000, 40 KiB)

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 d434bd30868fadc32a0f1f61847ef0a0
SHA1 b59f00482406faac9a8fae2f500a1a701d1e2362
SHA256 29a17562f6180a98c1639dd9223bc91e63d4726e4997a7b5c6464a2b8177c65a
SHA512 873a8156521d68b4cd51293b72dabb35dfc8d9ae55aa89b568bbb4640dbc4b6ae954a887c45a96107aeeef147560300161c960b5f543750692da0a749095dfa8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 70e6d316deef20880a3c031e1238fd53
SHA1 551db23c053a214d73245027b1ea49cb19ef3b51
SHA256 48aef275fbe7d7627d34f8b4d0ec135eec8748016810538c3789d31bacb19e23
SHA512 6a3d10fac8a878672e9df69f8e238aa42972d661f615982bc648296ac6eea008fd7d2b5b0aae3884afc12fb8e22a3055d6dcc35fcebd147f5375e0a9c95404cc

memory/2372-1224-0x0000000000400000-0x000000000040A000-memory.dmp (process 2372, second dump of the same 40 KiB region)
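The 64 "File created" rows in this run, read together with the "Renames multiple (5303) files with added filename extension" signature, are the visible half of a stage-to-.tmp-then-rename pattern: every created path is an existing file with .tmp appended, spread across unrelated vendor trees under Program Files. The following Python script is an added example, not part of the Triage report and not its detection logic: it re-parses rows in the report's own "Description Indicator Process Target" layout and flags a process that writes many .tmp files outside its own directory tree. The five sample rows are copied from the table above; the GoogleUpdate row is a constructed benign counter-example (an updater staging a download inside its own installation tree), not something the report observed.

```python
"""Derive the ransomware file-staging pattern from sandbox 'File created'
rows.  Added example, not Triage code.  Five rows are copied from the
behavioral2 table; the GoogleUpdate row is a constructed benign sample."""
import re
from collections import Counter, defaultdict

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe")

RAW_EVENTS = [
    # five rows copied from the behavioral2 "Drops file in Program Files directory" table
    rf"File created C:\Program Files\7-Zip\Lang\tt.txt.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp {SAMPLE_EXE} N/A",
    # constructed benign row (not from the report): an updater staging a
    # download inside its own installation tree
    r"File created C:\Program Files\Google\Update\Download\setup.tmp C:\Program Files\Google\Update\GoogleUpdate.exe N/A",
]

# Paths contain spaces, so split on drive-letter boundaries rather than whitespace.
EVENT_RE = re.compile(
    r"^File created (?P<path>[A-Za-z]:\\.+?) (?P<process>[A-Za-z]:\\.+?\.exe) (?P<target>\S+)$")


def parse_event(line):
    """Return {'path', 'process', 'target'} for a 'File created' row, else None."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Per process: number of .tmp files written outside the process's own
    directory tree, the vendor trees touched (C:\\Program Files\\<vendor>),
    and the extension of the file each .tmp sits beside."""
    stats = defaultdict(lambda: {"staged": 0, "dirs": set(), "exts": Counter()})
    for line in lines:
        ev = parse_event(line)
        if ev is None or not ev["path"].lower().endswith(".tmp"):
            continue
        own_tree = ev["process"].rsplit("\\", 1)[0].lower() + "\\"
        if ev["path"].lower().startswith(own_tree):
            continue                       # staging inside its own tree is normal
        s = stats[ev["process"]]
        s["staged"] += 1
        s["dirs"].add("\\".join(ev["path"].split("\\")[:3]))
        original = ev["path"][:-4].rsplit("\\", 1)[-1]   # file name with .tmp removed
        s["exts"][original.rsplit(".", 1)[-1].lower() if "." in original else ""] += 1
    return stats


def ransomware_like(stats, min_staged=3, min_dirs=2):
    """Processes whose foreign .tmp writes exceed the thresholds.  The report's
    own counts run into the thousands; the defaults are low only to suit the
    six-row sample."""
    return {p: s for p, s in stats.items()
            if s["staged"] >= min_staged and len(s["dirs"]) >= min_dirs}


if __name__ == "__main__":
    for proc, s in ransomware_like(summarize(RAW_EVENTS)).items():
        print(f"{proc}\n  staged={s['staged']} trees={sorted(s['dirs'])} exts={dict(s['exts'])}")
```

On the six-row sample only the sample process is flagged (five foreign .tmp writes across five vendor trees); GoogleUpdate.exe is excluded because it wrote into its own tree. The report does not itemise the rename events themselves, so the final extension cannot be recovered from these rows; files without an extension (the Java time-zone entries in the Windows 7 run, such as Ojinaga.tmp) are counted under an empty extension.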

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:26

Reported

2024-06-10 23:28

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe"

Signatures

Renames multiple (3771) files with added filename extension (tag: ransomware)
No per-file indicator rows are listed for this signature.

UPX dump on OEP (original entry point)
No indicator details recorded (four rows, all N/A).

UPX packed file (tag: upx)
No indicator details recorded (four rows, all N/A).

Drops file in Program Files directory

Description Indicator Process Target
64 rows shown. Every row has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe (the sample itself) and Target N/A, so only the Indicator (path of the created file) is listed below. Each indicator is the path of a pre-existing Program Files entry with .tmp appended.
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp
C:\Program Files\Internet Explorer\perfcore.dll.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp
C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp
C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp
C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\Parity.fx.tmp
C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.tmp
C:\Program Files\Windows Journal\PDIALOG.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp
C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp
C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp
C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp
C:\Program Files\Mozilla Firefox\firefox.exe.tmp
C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp
C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe

"C:\Users\Admin\AppData\Local\Temp\739bad7c83e49b69a40923bb0780c3d46d37f6e5cfb9b303f48189404bdc2647.exe"

Network

N/A

Files

memory/2964-0-0x0000000000400000-0x000000000040A000-memory.dmp (Triage naming: process 2964, mapped region 0x400000 to 0x40A000, 40 KiB)

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 95234a212e144b76a26c29dde7a6e194
SHA1 973b01d90503221dfde1309f44bed09f991eb603
SHA256 c29c3a90888bbb7c84f0ce100ac605f64043726c1618a45e93eb726d720c283b
SHA512 96cf922055518823297d4aaa9c02f62c50b83d4648cd869f68b724339f75b38635b47351dce6d010f7cbcbb471c2e8526e87322cdea35793c62a2490a57e3ecd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9a5aeff038fa26eb81b0773adafa8a28
SHA1 3f29966de5d64a1abf8fe073043bd601e8215ed8
SHA256 4ef5f773896151aadcb61a38a9eb1f2b4f4b1ccc034180a768acf1e47c9296c3
SHA512 39bb15e6d11d526147ff11459f6d245ac57573c6d053b237445357ea17e4546cf467a50186598becc8a46dc16c56b5a4ec61ccb6c4b1ae699d5a47401983c579

memory/2964-86-0x0000000000400000-0x000000000040A000-memory.dmp (process 2964, second dump of the same 40 KiB region)