Malware Analysis Report

2025-01-03 08:30

Sample ID: 240611-bw8kmszbpp
Target: a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4
SHA256: a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4
Tags: ransomware, upx
Score: 10/10

Analysis Overview

score
10/10

SHA256

a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4

Threat Level: Known bad

The file a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4 was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (5015) files with added filename extension

Renames multiple (517) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:30

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:30

Reported

2024-06-11 01:33

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe"

Signatures

Renames multiple (5015) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe

"C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe"

Network

Files

memory/1052-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 92cd072699e092ea8f956ea384848b06
SHA1 ebeae3bb35c34ebaa86ba2e37b654ddf44681ce7
SHA256 8e1129f1edffd75238d796449c93f66ebe41c5862a7e3138bb1c80493d50489b
SHA512 4869273bcc520916e8b1cb7dc9c319b9bad789c0aaca91dd75885c08bf78d1a871d809f83a40874de6535e1c143b5472cf76f959d9bd1355d7ae52cfad22fd89

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7d91bb1c1d4384ad995b2b62cb1e1425
SHA1 efad0fe4cc89356902f1e551f93cb92987dea778
SHA256 d01cec12edd43d75ad3b43dc1994e71725bc6c5a2978e393ed0292bbe688adc5
SHA512 f254726a21330eb58c3611b8f5fbf0b2a32a7706ee1b2add60e9afe7d0022e42b43a754ea1f5a8c152944da627489ec1c90fb647354ac83f03bc731163693ebf

memory/1052-1778-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:30

Reported

2024-06-11 01:33

Platform

win7-20240221-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe"

Signatures

Renames multiple (517) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe

"C:\Users\Admin\AppData\Local\Temp\a5d02a3c77893f315515a4204243fb9197f12b99e09704d20ec5fe115716acc4.exe"

Network

N/A

Files

memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 c51262e8b9546dd46f18e2655c7876a1
SHA1 0ed00e778d8e22996bd264548b167ae63d760dc2
SHA256 0ef28376b5707f6a112881dd9fb9cd356dec467381802ee634f4d99d631e3315
SHA512 a915b86923a6a78d0e5de93529e5d830cee96aadc19ea5d1652b09a772196e3bca48bda31d1093ff6f80f3d288c63f567d4934460bde4bbda2316fead2901d75

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d803040f37b315b52622c01094ae4e19
SHA1 18b2e8ae2dbf7984866a63d50968373fae4b9f2b
SHA256 9dc9f1aba1aa996145b248ae26fe4ea90e673468a9f8400a06e3b8720bfcf04d
SHA512 ba5ae87a4745d29611ccc9b490ceef425fe7de4e7569c1da409b2eee8d4d5bfbd9fe3709144959d1f89edc2fd7a5dfc1b5cc33b606d9c2d0f9abfd43cc2455e4

memory/1720-62-0x0000000000400000-0x000000000040B000-memory.dmp