Malware Analysis Report

2024-09-23 04:38

Sample ID: 240614-czqpnssbqg
Target: abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f
SHA256: abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f

Threat Level: Likely malicious

The file abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5190) files with added filename extension (behavioral2, win10v2004-20240508-en)

Renames multiple (3521) files with added filename extension (behavioral1, win7-20240508-en)

Drops file in Program Files directory (both behavioral runs)

Unsigned PE (static1)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
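"Unsigned PE" is a static check on the sample itself: its PE optional header carries no Authenticode certificate table (data directory entry 4, IMAGE_DIRECTORY_ENTRY_SECURITY). The Python below is an added example, not the sandbox's own code, showing how that check is made and the caveat that goes with it: a non-empty table only proves that a WIN_CERTIFICATE blob is attached, not that the signature verifies against a trusted chain (that step is signtool verify /pa or Get-AuthenticodeSignature). The build_minimal_pe helper constructs throwaway header-only images for the demo; it is an assumption for illustration and is not derived from this sample.

```python
"""Does a PE carry an Authenticode certificate table?

Added example for the 'Unsigned PE' static signature; not the sandbox's own
code. The check reads IMAGE_DIRECTORY_ENTRY_SECURITY (data directory 4) from
the optional header. A non-empty entry means a WIN_CERTIFICATE blob is
attached; whether it verifies is a separate step. build_minimal_pe constructs
throwaway headers for the demo and is an assumption, not derived from the
analysed sample.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(pe: bytes):
    """Return (file_offset, size) of the certificate table, (0, 0) if absent.
    Raises ValueError when the buffer is not a PE image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        dirs_off = opt + 96                  # data directories start here (PE32)
    elif magic == PE32PLUS_MAGIC:
        dirs_off = opt + 112                 # ... and here for PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", pe, dirs_off - 4)[0]   # NumberOfRvaAndSizes
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return 0, 0
    return struct.unpack_from("<II", pe, entry)


def has_certificate_table(pe: bytes) -> bool:
    """True if a certificate table is present and lies inside the file.
    Unlike other directories, the security entry holds a raw file offset,
    not an RVA, so it can be bounds-checked against len(pe) directly."""
    offset, size = security_directory(pe)
    return offset != 0 and size != 0 and offset + size <= len(pe)


def build_minimal_pe(pe32plus: bool = False, cert_blob: bytes = b"") -> bytes:
    """Construct a header-only PE image (not loadable) for testing: DOS header,
    PE signature, COFF header, optional header with 16 data directories and,
    if cert_blob is given, a WIN_CERTIFICATE appended and referenced from the
    security directory. Constructed test data, not a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    fixed = 112 if pe32plus else 96          # optional-header bytes before the directories
    opt_size = fixed + 16 * 8
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    header_len = e_lfanew + 4 + 20 + opt_size
    dirs = [(0, 0)] * 16
    body = b""
    if cert_blob:
        # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 0x0002 (PKCS#7)
        body = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (header_len, len(body))
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    opt = struct.pack("<H", magic) + b"\0" * (fixed - 6) + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + b"PE\0\0" + coff + opt + body


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                # real use: python check.py sample.exe
        with open(path, "rb") as fh:
            data = fh.read()
        print(path, "certificate table present" if has_certificate_table(data) else "unsigned")
    if not sys.argv[1:]:
        print("unsigned PE32  ->", has_certificate_table(build_minimal_pe()))
        print("signed PE32+   ->", has_certificate_table(build_minimal_pe(True, b"\x30" * 16)))
```

Run it against a real file to reproduce the static signature; the bounds check matters because a truncated download or a deliberately oversized directory entry otherwise looks "signed" to a naive parser.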

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:31

Reported

2024-06-14 02:33

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe"

Signatures

Renames multiple (5190) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

All 64 rows below share Description = File created, Process = C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe and Target = N/A; only the Indicator (the created path) differs. Every indicator is an existing file name with ".tmp" appended.

Indicator:
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp
C:\Program Files\7-Zip\Lang\mng.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp
C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp
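The indicator rows above are the raw material behind the "Renames multiple files with added filename extension" and "Drops file in Program Files directory" signatures: one process creating a ".tmp" shadow of hundreds of existing files across many unrelated directories. The Python below is an added example, not the sandbox's detection code. It parses rows in the report's four-column layout (Description, Indicator, Process, Target), aggregates ".tmp" creations per process and re-derives both verdicts; the same parser handles the Windows 7 rows in behavioral1. The eight sample rows are the first eight rows of this table; the single msiexec.exe row, the thresholds min_files / min_dirs and all helper names are constructed assumptions for the demo (the sandbox's real cut-offs are not stated in the report).

```python
"""Re-derive the report's file-system signatures from its indicator rows.

Added example, not the sandbox's own detection code. Rows are parsed in the
report's layout (Description, Indicator, Process, Target); '.tmp' creations
are aggregated per process and two verdicts are produced: mass '<name>.tmp'
creation across many directories, and writes under C:\\Program Files.
Thresholds and the benign msiexec row are assumptions for the demo.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

DESCRIPTIONS = ("File created", "File renamed", "File opened for modification")
PROGRAM_FILES_PREFIX = "c:\\program files"   # also matches 'Program Files (x86)'


def parse_row(line):
    """Split one table row into (description, indicator, process, target).
    Indicator paths may contain spaces; the process path is assumed not to
    (true for every row in this report), so the last two whitespace-separated
    fields are split off from the right. Returns None for non-data lines."""
    line = line.strip()
    for desc in DESCRIPTIONS:
        if line.startswith(desc):
            try:
                indicator, process, target = line[len(desc):].strip().rsplit(None, 2)
            except ValueError:
                return None
            return desc, indicator, process, target
    return None


def aggregate(lines, tmp_suffix=".tmp"):
    """Per process: the .tmp files it created, their parent directories, and
    whether any of them landed under a Program Files root."""
    stats = defaultdict(lambda: {"tmp_files": set(), "dirs": set(), "program_files": False})
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        desc, indicator, process, _target = row
        if desc != "File created" or not indicator.lower().endswith(tmp_suffix):
            continue
        path = PureWindowsPath(indicator)
        s = stats[process]
        s["tmp_files"].add(str(path))
        s["dirs"].add(str(path.parent))
        if str(path).lower().startswith(PROGRAM_FILES_PREFIX):
            s["program_files"] = True
    return stats


def evaluate(lines, min_files=50, min_dirs=10):
    """Return {process: finding}. min_files / min_dirs are assumed thresholds
    chosen for this example; the report does not state the sandbox's own."""
    findings = {}
    for process, s in aggregate(lines).items():
        n_files, n_dirs = len(s["tmp_files"]), len(s["dirs"])
        findings[process] = {
            "tmp_files": n_files,
            "directories": n_dirs,
            "mass_tmp_creation": n_files >= min_files and n_dirs >= min_dirs,
            "drops_in_program_files": s["program_files"],
            # the original names each .tmp shadows, e.g. 'System.Net.Quic.dll'
            "shadowed": sorted(PureWindowsPath(f).name[:-len(".tmp")] for f in s["tmp_files"]),
        }
    return findings


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe"


def _row(path):
    """Build a report-style row for the sample process."""
    return f"File created {path} {SAMPLE} N/A"


# First eight indicator rows of the Windows 10 run, plus one constructed benign
# row (an installer writing a single .tmp in its own temp directory).
SAMPLE_ROWS = [
    _row(r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp"),
    _row(r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp"),
    _row(r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp"),
    _row(r"C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp"),
    _row(r"C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp"),
    _row(r"C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp"),
    _row(r"C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL.tmp"),
    _row(r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp"),
    r"File created C:\Users\Admin\AppData\Local\Temp\MSI1234.tmp C:\Windows\System32\msiexec.exe N/A",  # constructed
]


if __name__ == "__main__":
    # Thresholds lowered to fit the nine embedded rows; use the defaults on a full table.
    for process, finding in evaluate(SAMPLE_ROWS, min_files=5, min_dirs=3).items():
        print(PureWindowsPath(process).name, finding)
```

With the defaults (50 files across 10 directories) the eight embedded rows do not fire; paste the full 64-row table and they do, while the msiexec.exe row stays below both thresholds and never touches Program Files, which is what separates an installer's scratch file from mass shadowing.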

Processes

C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe

"C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 593dc01e07111efad70441048d3963f4
SHA1 f865ac32eeccf050f74bf74277384f0efe90f946
SHA256 5359760d0f9a5c16d7b8b93710ab44cdb72c3a3c0c0fde1dcb9289443883a15d
SHA512 1516ab92fc340eb0ae6654749fe8ead23134492a7353667913834664c54053d27c7c1027ddb00c9174acc476779f10e1c0ad014d66d3cc810973a39afcf55130

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 97e83a20d3cd2689c8a6e150086ef1bc
SHA1 4b9dd2735ac6506a39050a28d025858037d71369
SHA256 9ea066a34f2d9a07624307bb9fd2fae1e28fd92750380e13aa5ed9ce71b31d08
SHA512 3185cd602eed2d5522b454fa54554b77e164a15b6eaa3f3ead2f2747999a1674416d47f8efdad2558e4bc7e7d62b82a6c8d401f656d0a4cb0254b7709cc48807

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:31

Reported

2024-06-14 02:33

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe"

Signatures

Renames multiple (3521) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

All 64 rows below share Description = File created, Process = C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe and Target = N/A; only the Indicator (the created path) differs. Every indicator is an existing file name with ".tmp" appended, including files that had no extension at all (for example the Java time-zone entries under lib\zi).

Indicator:
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp
C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp
C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll.tmp
C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp
C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp
C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp
C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp
C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp
C:\Program Files\Internet Explorer\F12Tools.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\gadget.xml.tmp
C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp
C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp
C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp
C:\Program Files\Common Files\System\ado\msadox.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp
C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp
C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp
C:\Program Files\MergeStart.vbe.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp
C:\Program Files\Java\jre7\bin\javacpl.exe.tmp
C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe

"C:\Users\Admin\AppData\Local\Temp\abdca0821474582fb5c9cf7683290c43bd3624e454468974aac085f77d81da3f.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 ec507599e0c6655c0358045b584830f3
SHA1 ecaa547e0bf63c1a8219f4942459f6aa900ce272
SHA256 4c22eaa9be547b3135978c3e34bccad4b94f77b0e00279c39d26b7eb95180fb7
SHA512 4509bdc48db9feea32f4bbe5ec6d79467bfeab35e9dcf677b7ffc307f9b6bf73bd0763674e7192722b94719df17bea14c7f1c9e7862526bc498c66a868c594e5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9135ef40c99a808ef1580d044c67d2f6
SHA1 ec718ab28fb49a530f90b37dcdcc55d01264dcb5
SHA256 af45c5331c82abbc20acda4745474133b7fa1a89c9343092ce5f9a5b6ea12ad2
SHA512 eccba2bcc62825e43d4291ec85b278c2dd6d324aff8c2d55dda4a6a99746da53dbc9c765d6a2efe77111b1415d1458d99f666a52ba41285debf4d941bf603812