Malware Analysis Report

2025-01-03 08:33

Sample ID 240611-bhy42sydrn
Target 9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c
SHA256 9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c
Tags
ransomware upx
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c

Threat Level: Known bad

The file 9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c was found to be: Known bad.

Malicious Activity Summary

Tags: ransomware, upx

Renames multiple files with added filename extension: 3450 files in the Windows 7 run (behavioral1), 1359 files in the Windows 10 run (behavioral2)

UPX packed file (static1, behavioral1, behavioral2)

UPX dump on OEP (original entry point) (static1, behavioral1, behavioral2)

Drops file in Program Files directory (behavioral1, behavioral2)

Unsigned PE (static1)

MITRE ATT&CK

N/A (the sandbox assigned no techniques to this sample). The signatures above correspond to T1027.002 Obfuscated Files or Information: Software Packing for the UPX indicators and, if the mass renames are encrypt-and-replace operations as the ransomware tag implies, T1486 Data Encrypted for Impact. This mapping is added here and is not part of the sandbox output.

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:09

Signatures

UPX dump on OEP (original entry point)
(no indicator rows recorded)

UPX packed file
Tag: upx
(no indicator rows recorded)

Unsigned PE
(no indicator rows recorded)
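All three static signatures rest on recognising the UPX packer, which is worth confirming by hand because the section names the sandbox matches on are trivially renamed. The following Python is an added example, not part of the sandbox report and not a tool it uses: it parses the PE section table directly and returns the indicators an analyst checks before trusting a "UPX packed" verdict (section names, raw sizes, per-section Shannon entropy, the `UPX!` marker). The `build_pe` helper constructs a minimal synthetic PE32 in memory so the script runs offline; the constructed images are not this sample's bytes.

```python
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted sections sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", errors="replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rawsize,
                         "entropy": round(shannon_entropy(raw), 2)})
    return sections


def upx_indicators(pe: bytes) -> dict:
    secs = pe_sections(pe)
    names = [s["name"] for s in secs]
    # Stock UPX layout: UPX0 has no raw data (the unpacked image is written there
    # at runtime), UPX1 holds the compressed payload plus stub, and a "UPX!" marker
    # string follows the headers.
    upx_names = any(n.startswith("UPX") for n in names)
    empty_first = bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
    high_entropy = any(s["raw_size"] > 0 and s["entropy"] > 7.0 for s in secs)
    marker = b"UPX!" in pe
    return {
        "sections": names,
        "upx_section_names": upx_names,
        "empty_first_section": empty_first,
        "high_entropy_section": high_entropy,
        "upx_marker": marker,
        # Names and marker are easily stripped; the layout + entropy pair survives that.
        "likely_upx": upx_names or marker or (empty_first and high_entropy),
    }


def build_pe(sections) -> bytes:
    """Assemble a minimal PE32 (headers, section table, raw data) for offline testing."""
    opt_size = 0xE0
    coff_off = 0x40
    table_off = coff_off + 4 + 20 + opt_size
    data_start = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF  # 512-byte alignment
    hdr = bytearray(b"MZ".ljust(0x3C, b"\0")) + struct.pack("<I", coff_off)
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    hdr += opt
    body, ptr, vaddr = bytearray(), data_start, 0x1000
    for name, raw, vsize in sections:
        hdr += name.encode().ljust(8, b"\0")
        hdr += struct.pack("<IIIIIIHHI", vsize, vaddr, len(raw), ptr if raw else 0,
                           0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
        vaddr += max(vsize, 0x1000)
    hdr += b"\0" * (data_start - len(hdr))
    return bytes(hdr + body)


# Constructed inputs: a stock-UPX-shaped image and a plain one (not this sample).
PACKED = build_pe([("UPX0", b"", 0x8000),
                   ("UPX1", bytes(range(256)) * 16 + b"UPX!", 0x2000),
                   (".rsrc", b"\0" * 256, 0x1000)])
PLAIN = build_pe([(".text", b"\x90" * 1024 + b"\xc3", 0x1000),
                  (".data", b"hello" * 100, 0x1000)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(blob))
```

For a real file, read it in binary mode and pass the bytes to `upx_indicators`. If the verdict holds, `upx -d` on a copy is the quickest way to an unpacked image; if the names were stripped and `upx -d` refuses, the sandbox's OEP dump (see the Files sections below) is the fallback.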

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:09

Reported

2024-06-11 01:12

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe"

Signatures

Renames multiple (1359) files with added filename extension
Tag: ransomware

UPX dump on OEP (original entry point)
(no indicator rows recorded)

UPX packed file
Tag: upx
(no indicator rows recorded)

Drops file in Program Files directory

Every row in this table is a "File created" event by the sample process C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe with no Target value, so the table is collapsed to the created paths. Each created path is an existing filename with .tmp appended; the affected files include DLLs, EXEs, resource and localisation files and plain text, so the sample does not filter by file type.

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Xaml.resources.dll.tmp
C:\Program Files\7-Zip\Lang\uz.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Formatters.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Intrinsics.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp
C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationFramework.resources.dll.tmp
C:\Program Files\7-Zip\Lang\sl.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp
C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp
C:\Program Files\7-Zip\Lang\gl.txt.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-interlocked-l1-1-0.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp
C:\Program Files\7-Zip\Lang\az.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp
C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe.tmp
C:\Program Files\7-Zip\Lang\tr.txt.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-profile-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Sockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TextWriterTraceListener.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\PresentationCore.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Annotations.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Sockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationNative_cor3.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero2.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp
C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Queryable.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\7-Zip\Lang\ar.txt.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll.tmp
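The sandbox counts the renamed files (1359 here, 3450 in the Windows 7 run) but does not say which suffix was appended, what kinds of files were touched, or how widely the writes were spread. The following Python is an added example, not from the report or the sandbox: a triage routine over "File created" paths that recovers the appended suffix, the original extensions and the top-level directories hit, then applies the mass-rename rule an EDR-style detection would use (one suffix, many files, many directories from a single process). The input list is constructed from rows of the two Drops-file tables and the Files sections of this report; the thresholds are illustrative, and the same routine applies to the behavioral1 rows below.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Constructed from "File created" rows in this report (behavioral2 and behavioral1).
REPORT_PATHS = [
    r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Xaml.resources.dll.tmp",
    r"C:\Program Files\7-Zip\Lang\uz.txt.tmp",
    r"C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp",
    r"C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp",
    r"C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe.tmp",
    r"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp",
    r"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp",
    r"C:\libsmartscreen.dll.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
]


def split_suffixes(path: str):
    """Return (appended suffix, original extension) for a renamed file."""
    p = PureWindowsPath(path)
    added = p.suffix.lower()
    original = PureWindowsPath(p.stem).suffix.lower() or "(none)"
    return added, original


def summarize(paths):
    """Count appended suffixes, original extensions and drive + two-level directories."""
    added, original, top_dirs = Counter(), Counter(), Counter()
    for path in paths:
        a, o = split_suffixes(path)
        added[a] += 1
        original[o] += 1
        parent = PureWindowsPath(path).parent
        top_dirs[str(PureWindowsPath(*parent.parts[:3]))] += 1
    return {"added_suffix": added, "original_ext": original, "top_dirs": top_dirs}


def mass_rename_alert(paths, min_files=50, min_dirs=5):
    """Fire when one appended suffix dominates across many files in many directories.

    Returns (fired, suffix, file_count, distinct_directory_count).
    """
    if not paths:
        return False, None, 0, 0
    suffix, n = summarize(paths)["added_suffix"].most_common(1)[0]
    dirs = {str(PureWindowsPath(p).parent) for p in paths
            if PureWindowsPath(p).suffix.lower() == suffix}
    return (n >= min_files and len(dirs) >= min_dirs), suffix, n, len(dirs)


if __name__ == "__main__":
    stats = summarize(REPORT_PATHS)
    print("appended suffix:", stats["added_suffix"].most_common())
    print("original extensions:", stats["original_ext"].most_common())
    print("top-level directories:", stats["top_dirs"].most_common())
    print("alert (min_files=10, min_dirs=5):", mass_rename_alert(REPORT_PATHS, 10, 5))
```

On the full event stream the thresholds would be tuned per environment and the rule scoped to one process id and a short time window; on the thirteen constructed rows the alert only fires with the lowered thresholds shown in the usage line. The original-extension breakdown is the useful output for this sample: DLLs and EXEs under Program Files appear alongside text and resource files, which distinguishes it from ransomware that limits itself to document types.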

Processes

C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe

"C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

The report lists this Edge utility process alongside the sample but records no parent-child relationship, injection, or file activity for it. Whether the sample launched it or it was already running in the win10 image is not established by this output; the win7 run (behavioral1) shows only the sample process.

Network

Country  Destination        Domain                          Proto
US       8.8.8.8:53         56.110.63.41.in-addr.arpa       udp
US       8.8.8.8:53         232.168.11.51.in-addr.arpa      udp
US       8.8.8.8:53         22.160.190.20.in-addr.arpa      udp
US       8.8.8.8:53         95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53         241.150.49.20.in-addr.arpa      udp
US       8.8.8.8:53         50.23.12.20.in-addr.arpa        udp
US       20.231.121.79:80   (none; direct connection)       tcp
US       8.8.8.8:53         206.23.85.13.in-addr.arpa       udp
US       8.8.8.8:53         228.249.119.40.in-addr.arpa     udp
US       8.8.8.8:53         58.55.71.13.in-addr.arpa        udp
US       8.8.8.8:53         48.110.63.41.in-addr.arpa       udp
US       8.8.8.8:53         0.204.248.87.in-addr.arpa       udp
US       8.8.8.8:53         88.16.208.104.in-addr.arpa      udp

All DNS rows are PTR (reverse) lookups of public addresses sent to 8.8.8.8; no forward lookup of any domain appears, and the single TCP connection to 20.231.121.79:80 has no preceding resolution in this table. The report does not attribute network rows to a process, so none of this can be tied to the sample rather than to the sandbox OS or the Edge process listed above, and the Windows 7 run recorded no network activity at all. Treat the table as unattributed background until a capture ties a flow to the sample's PID.
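Reading a sandbox network table by eye is error-prone once it runs to dozens of rows, and the distinction that matters for this sample (forward lookups versus reverse lookups versus connections with no DNS context) is mechanical. The following Python is an added example, not part of the report: it parses rows in the table's format, recovers the address behind each in-addr.arpa label, and separates forward lookups, PTR-only lookups and direct connections. The row text is a constructed copy of the behavioral2 table above.

```python
import re

# Constructed copy of the Network table rows from this report (behavioral2 run).
NETWORK_ROWS = """\
US 8.8.8.8:53 56.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
""".splitlines()

# Country, ip:port, optional domain, protocol; the domain column is absent for raw connections.
ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(rows):
    out = []
    for line in rows:
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        d = m.groupdict()
        d["port"] = int(d["port"])
        out.append(d)
    return out


def ptr_to_ip(domain: str):
    """'56.110.63.41.in-addr.arpa' -> '41.63.110.56'; None for a non-PTR name."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    return ".".join(reversed(domain[:-len(suffix)].split(".")))


def triage(rows):
    forward, ptr_ips, conns = set(), set(), []
    for r in parse_rows(rows):
        if r["port"] == 53 and r["proto"] == "udp" and r["domain"]:
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_ips.add(ip)
            else:
                forward.add(r["domain"].lower())
        else:
            conns.append((r["ip"], r["port"], r["proto"]))
    connected = {c[0] for c in conns}
    return {
        "forward_domains": forward,
        "ptr_ips": ptr_ips,
        "connections": conns,
        # Reverse lookups with no matching flow are typically the OS naming addresses
        # it already talked to; a flow with no forward lookup is hardcoded or background.
        "ptr_ips_without_connection": ptr_ips - connected,
        "connections_without_forward_lookup": conns if not forward else [],
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

For this table the result is zero forward lookups, twelve PTR-only addresses and one direct TCP/80 flow, which is exactly the "nothing here is attributable to the sample yet" picture described above. Running the same routine over a second detonation, or over the sample's own process-scoped capture, is how the 20.231.121.79 contact gets confirmed or dismissed.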

Files

memory/4188-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 f9549ab8029bc0530ea9aece0031014a
SHA1 ac91556587c28fe65b3421e5f862cc8a55364058
SHA256 4b8d8d799662012884d96e191d9755cac72208f4f8ecf7066dd40dd090d9abbb
SHA512 813a44d1f002b338a3c43994a12332ea2b68b1fd01c13a211e49309b9b74b7cfebb69582a15651a5e38acf69e8a5018e3ebe791f6d0b6188a176a268da89bb55

C:\libsmartscreen.dll.tmp

MD5 259a181f6ebcef4450ec9411aeea1a13
SHA1 0f6575c92ce7211f6493758ef9c77e3238c5e05a
SHA256 90805778831c1353bbe8dcde9c0bf5199a2183b3a48a05dda563d19b4ca357fc
SHA512 38cba30f26dd16f514f0d523ef4d6a35669648c14792e13e9e16d73a421ccd17aaaeaffa6bd92e318eca8d9be951961212ed7c20112a4538fc08f81e11d546df

memory/4188-386-0x0000000000400000-0x000000000040B000-memory.dmp

Both dumps are of the same process (the sandbox names dumps by process id and sequence number) and cover the same 0xB000-byte image at 0x400000. The later one is the candidate for the unpacked image flagged by "UPX dump on OEP"; confirm before analysis by checking that its section data no longer carries the UPX stub.

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:09

Reported

2024-06-11 01:11

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe"

Signatures

Renames multiple (3450) files with added filename extension
Tag: ransomware

UPX dump on OEP (original entry point)
(no indicator rows recorded)

UPX packed file
Tag: upx
(no indicator rows recorded)

Drops file in Program Files directory

Every row in this table is a "File created" event by the sample process C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe with no Target value, so the table is collapsed to the created paths. As in the Windows 10 run, each created path is an existing filename with .tmp appended, and the targets range over Java archives, fonts, media, Firefox and VLC binaries and Office cache files.

C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp
C:\Program Files\Java\jre7\bin\policytool.exe.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp
C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp
C:\Program Files\RepairImport.php.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\Mozilla Firefox\browser\features\[email protected] (filename mangled in extraction; original name not recoverable from this page)
C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp
C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp
C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp
C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp
C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp
C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp
C:\Program Files\Mozilla Firefox\firefox.cfg.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp
C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe

"C:\Users\Admin\AppData\Local\Temp\9d55a6540531b8a86182938f3132f371050036ded22bf31598af5c83a4fc3a8c.exe"

Network

N/A

Files

memory/1936-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 df3ece0d7716e7dae86c62247ff3dd5e
SHA1 cc580cf73f413bc27a5d5eef96504b44940b2e1b
SHA256 67d72fde3e3a07473ff7cc0ab984f7df644316975104da6c1a99f58ce1496b00
SHA512 9841a6cc1ec1a7d836d86a5e4ad6c9105fc0171a9f17b870620384bb7def4f5add2193846eaf7163c2bef68a1b73556cc9d445f5a220f8d737f7ffd76f8c22d4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e9d669a98a30c28f513f95625b9f6a88
SHA1 f4ccd136b92e5f3c07751ef2e7170f3234823b8e
SHA256 c7cae1a1b315b3c61c20ae7a6904224326bbddb6a5e6cd299d2dffa471cefd1f
SHA512 cfe50ccf734a4c289e569e040f12df94a2db7f1cba8a14d94e65541d5bb8f74ed6d62f41749b1274d858dcb6c538e758f4d1b1dbc903597731bfced18984466b

memory/1936-650-0x0000000000400000-0x000000000040B000-memory.dmp

As in the Windows 10 run, the two dumps of the sample process cover the same 0xB000-byte image at 0x400000; the later one (sequence 650) is the candidate unpacked image for the "UPX dump on OEP" signature.