Malware Analysis Report

2025-01-06 13:04

Sample ID: 240617-av41dswape
Target: a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496
SHA256: a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496
Tags: ransomware upx
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496

Threat Level: Known bad

The file a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496 was found to be: Known bad.

Malicious Activity Summary

ransomware upx

Renames multiple (3432) files with added filename extension (behavioral1, win7-20231129-en)

Renames multiple (4979) files with added filename extension (behavioral2, win10v2004-20240508-en)

UPX dump on OEP (original entry point)

UPX packed file

Drops file in Program Files directory

Unsigned PE

No network activity was captured in either detonation, and the sample spawned no child processes; the only observed behaviour is the parent process writing .tmp copies of existing files across Program Files, MSOCache and the Recycle Bin.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:32

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
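
The three static1 findings (UPX section names, a UPX dump taken once the unpacking stub reached the original entry point, and no Authenticode signature) can be reproduced without the sandbox. The following is an added example, not the sandbox's own signature logic and not code from the report: a pure-Python PE header inspector that flags UPX-named sections, the "hollow first section with the entry point elsewhere" layout UPX produces even when section names are stripped, and the absence of a certificate table. The PE blobs it runs on are constructed headers built by build_sample_pe(), not the analysed sample; the packed layout only mirrors the 0x400000-0x40B000 image size recorded under Files below. Offsets follow the PE/COFF specification.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def inspect_pe(data: bytes) -> dict:
    """Parse just enough of a PE image to answer: UPX section names? first section
    empty on disk with the entry point in a later one? certificate table present?"""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        dd_off = opt_off + 96                                   # data directories (PE32)
    elif magic == PE32PLUS_MAGIC:
        dd_off = opt_off + 112                                  # data directories (PE32+)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    _, cert_size = struct.unpack_from("<II", data, dd_off + DIR_SECURITY * 8)

    sections = []  # (name, VirtualAddress, VirtualSize, SizeOfRawData)
    for i in range(nsections):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, opt_off + opt_size + i * 40)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rawsize))

    entry_section = next((s[0] for s in sections if s[1] <= entry_rva < s[1] + max(s[2], s[3])), None)
    upx_names = [s[0] for s in sections if s[0].upper().startswith("UPX")]
    # UPX leaves section 0 with no raw data; the stub in a later section unpacks into it.
    hollow_first = bool(sections) and sections[0][3] == 0 and sections[0][2] > 0
    packed = bool(upx_names) or (hollow_first and entry_section not in (None, sections[0][0]))
    return {
        "sections": [s[0] for s in sections],
        "entry_section": entry_section,
        "upx_sections": upx_names,
        "packed": packed,
        # Presence of a certificate table only: it says nothing about whether the
        # signature verifies or chains to a trusted root (use signtool for that).
        "has_authenticode": cert_size > 0,
    }


def build_sample_pe(sections, entry_rva, cert_size=0) -> bytes:
    """Constructed PE32 header only (no code, not loadable): enough for inspect_pe().
    sections: list of (name, VirtualAddress, VirtualSize, SizeOfRawData)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                              # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_rva)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                         # ImageBase
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + DIR_SECURITY * 8, 0, cert_size)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr, rawsize, 0, 0, 0, 0, 0, 0)
        for name, vaddr, vsize, rawsize in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed layouts (assumptions, not the sample's real headers); the packed one
# ends at RVA 0xB000 like the 0x400000-0x40B000 region dumped in the report.
UPX_LAYOUT = [("UPX0", 0x1000, 0x6000, 0), ("UPX1", 0x7000, 0x3000, 0x2400), (".rsrc", 0xA000, 0x1000, 0x200)]
PLAIN_LAYOUT = [(".text", 0x1000, 0x2000, 0x2000), (".data", 0x3000, 0x800, 0x200)]


def triage(data: bytes) -> str:
    """Collapse the inspection into the tag words the report uses."""
    info = inspect_pe(data)
    tags = []
    if info["packed"]:
        tags.append("upx" if info["upx_sections"] else "packed")
    if not info["has_authenticode"]:
        tags.append("unsigned")
    return " ".join(tags) or "clean-looking"


if __name__ == "__main__":
    for label, blob in (("packed", build_sample_pe(UPX_LAYOUT, 0x9F00)),
                        ("plain", build_sample_pe(PLAIN_LAYOUT, 0x1000, cert_size=0x1800))):
        print(label, triage(blob), inspect_pe(blob))
```

The hollow-first-section rule matters because renaming UPX0/UPX1 is a one-line change for the operator; the on-disk layout is harder to hide. A positive "has_authenticode" is only a starting point, never a trust decision.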

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:32

Reported

2024-06-17 00:35

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe"

Signatures

Renames multiple (4979) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Each row below is an existing path under C:\Program Files with .tmp appended to the original file name (msvcp140.dll becomes msvcp140.dll.tmp), the same pattern behind the 4979 renames counted above; only the first 64 rows captured are listed.

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
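
The "Renames multiple files with added filename extension" signature can be approximated from rows of exactly this shape. The following is an added example, not the sandbox's signature implementation: a per-process heuristic that infers the appended extension from created file names, requires one dominant extension spread over several directories, and ignores processes that merely write a handful of temp files. The first eight input rows are copied from the table above; the last three are constructed benign events for a second process and do not come from the report. The thresholds (min_files, min_dirs, dominance) are assumptions to tune against your own telemetry.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Row shape exactly as printed in the report: "File created <target> <process> N/A".
# Assumption: the process path contains no spaces (true above), so it is matched as
# the last whitespace-free token ending in .exe; the target path may contain spaces.
ROW_RE = re.compile(r"^File created (?P<target>.+) (?P<process>\S+\.exe) N/A$")

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe"

# Rows 1-8 are copied from the behavioral2 table; rows 9-11 are constructed benign
# events (one updater temp file, two plain log files) and are not from the report.
SAMPLE_ROWS = [
    rf"File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp {SAMPLE_EXE} N/A",
    r"File created C:\Windows\Temp\patch.cab.tmp C:\Windows\System32\svchost.exe N/A",
    r"File created C:\Windows\Temp\report1.txt C:\Windows\System32\svchost.exe N/A",
    r"File created C:\Windows\Temp\report2.txt C:\Windows\System32\svchost.exe N/A",
]


def parse_row(row: str):
    """Return (target_path, process_path) or None for rows that do not fit the shape."""
    m = ROW_RE.match(row)
    return (m.group("target"), m.group("process")) if m else None


def appended_extension(path: str):
    """Return the final suffix when it was appended to a name that already had one
    ('msvcp140.dll.tmp' -> '.tmp'). Files with no original extension ('Moscow.tmp')
    are not counted, so this undercounts rather than overcounts."""
    suffixes = PureWindowsPath(path).suffixes
    return suffixes[-1].lower() if len(suffixes) >= 2 else None


def detect_mass_rename(rows, min_files=5, min_dirs=2, dominance=0.9):
    """Per process: count created files named <original>.<ext>, then flag when one
    appended extension dominates, the count is high and several directories are hit."""
    per_proc = defaultdict(lambda: {"exts": Counter(), "dirs": set(), "created": 0})
    for row in rows:
        parsed = parse_row(row)
        if parsed is None:
            continue
        target, process = parsed
        stats = per_proc[process]
        stats["created"] += 1
        ext = appended_extension(target)
        if ext:
            stats["exts"][ext] += 1
            stats["dirs"].add(str(PureWindowsPath(target).parent).lower())
    findings = {}
    for process, stats in per_proc.items():
        if not stats["exts"]:
            continue
        ext, n = stats["exts"].most_common(1)[0]
        share = n / sum(stats["exts"].values())
        findings[process] = {
            "extension": ext,
            "renamed": n,
            "directories": len(stats["dirs"]),
            "created": stats["created"],
            "flagged": n >= min_files and len(stats["dirs"]) >= min_dirs and share >= dominance,
        }
    return findings


if __name__ == "__main__":
    for proc, f in detect_mass_rename(SAMPLE_ROWS).items():
        print(("ALERT " if f["flagged"] else "ok    ") + proc, f)
```

Installers and updaters also write name.dll.tmp files, so the extension alone is not a verdict; what separates this sample is breadth (Java, Office, .NET and Common Files trees within one 150 s run) and volume. The same logic applies to Sysmon Event ID 11 (FileCreate) records once TargetFilename and Image are mapped onto the target and process fields.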

Processes

C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe

"C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe"

Network

N/A

Files

memory/4980-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 e981705c510f05bf088f91c277ef5991
SHA1 bdbd49efabdf1eee28127ffbfba4dc767e0be314
SHA256 d83c66ea832674cc2eb3b9a9303eb2de05360b99a5be26d151df40c1371597e7
SHA512 393ec3e345e8fef08767020321bd45179ef76d6d9d95feb6f8bfc09af499c1d9d8715f618ce569033f687b573f65ac340d82586211585ef54cd8c2d55c1c7f3d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1319a390d5e4be2b446f9dffb8ede4f2
SHA1 aa1c12a2d36509166dfd1aca2dca4d597c5b9476
SHA256 867f7230a9af995b9043d3b902b93df921c0d15992afde492b8adce09ca929da
SHA512 e4ae2ff89788d705de09632cbe3ad41d2b251202d9dfd842f6a75d52fd14b8129efe2db6582b727295067324bd0283e70641abb8b209ec0ca85319cd776099b1

memory/4980-1793-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:32

Reported

2024-06-17 00:35

Platform

win7-20231129-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe"

Signatures

Renames multiple (3432) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

As in the Windows 10 run, each row is an existing path under C:\Program Files with .tmp appended to the original file name (here against the Windows 7 image's Java 7, VLC, DVD Maker and Reference Assemblies trees), matching the 3432 renames counted above; only the first 64 rows captured are listed.

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jre7\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe

"C:\Users\Admin\AppData\Local\Temp\a2d6e609e5c5922a2c08ed83c4180100e3b7b7198e94aee7172e7543637c8496.exe"

Network

N/A

Files

memory/1748-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 62f5db0a073d52bea6664d679d4c4776
SHA1 e3c58c600d8136f57b5bc3690e96119053459fe7
SHA256 099abe008f6f714ea4599c5ec2bd25e593043d4fae618c1762fb8dd019b76963
SHA512 e2e45ccfb27fef98c44f46bf6b742aba3d2f5b79fffe748281963abeb5ea10067ee15c498bb2d443810ec753e9d479db7d8c76748439545d9d17d6197168e3a3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 75bcf4a5e08ab8031b558ae56cbddd97
SHA1 1345e1994511bdefea382ff1cb2af0799433e797
SHA256 29d0b700e72e7d45fca7ad332a06a57c83a85bcfbd1b8e4ecb19544c2418aece
SHA512 3ffa7f19997f8f9b30c0bfc5bbe674716af0b159461fe7c3ec352301279ab971c523374da7e184f56e25aba67930a1895882e26aeae8fdc853d85cfe5d7d9822

memory/1748-556-0x0000000000400000-0x000000000040B000-memory.dmp