Malware Analysis Report

2025-08-11 01:47

Sample ID 241005-yc52qsvgqf
Target b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe
SHA256 b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130

Threat Level: Likely malicious

The file b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (601) files with added filename extension

Renames multiple (5020) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:39

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:39

Reported

2024-10-05 19:42

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe"

Signatures

Renames multiple (5020) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe

"C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/3084-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

MD5 da4978616b6183bd778c9179eab817ed
SHA1 1021ad60dd82c392ff6209400c6086f69b6a08d8
SHA256 6b8c604ce31c4376255670525d1f15a0efd1898c60cc9a5d901e35ad7a44a1d1
SHA512 4af9c1dc443df6327f3b92c6dee75cea7646758027ef4e3c7d6617d667a766e12dc154dd4a2646bafd1f0a48cbbeca46d56bdce541dd8d6ac829775b2e8b68b7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 88d80bda0eee58e7faf8a19f9631e593
SHA1 370bb9eb5de704c6db0e2e13ca8f0618ae6677b7
SHA256 5ad45fb58442b21ef789aab06f99a6d477bc004e93f393eda15e067b716cdde4
SHA512 b61a5583c1fbce50fbca6883d8b03a54cee5d309a09dea673c9d04acd921612dd02bb4dbee529defbbc45e5d582787cbbd17dbdab5697cb6d5d29f2d63857c28

memory/3084-854-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:39

Reported

2024-10-05 19:42

Platform

win7-20240903-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe"

Signatures

Renames multiple (601) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe

"C:\Users\Admin\AppData\Local\Temp\b79e8a82575a55cdaa2d79d39a032f72a8a5921d4850594e993bc6282a8bc130.exe"

Network

N/A

Files

memory/2176-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 b123cefc0705ac4aa7988427b13a0ada
SHA1 305ab3300b26e906c6fc53c418fd6fa19d693fd3
SHA256 98b80884c4cd276471df4e82f4cc57ae76573d6e45ee1a2577429b23c53fbf44
SHA512 d358b6bc318f65e25220efd81950550698381ed38137edd7c37919edd9ef16c49f111a333d64bf75226bc932bb1608990f3dd3f4da245934b95fe2c9505588ea

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a43a7ca4e280393a6a79206e093d2918
SHA1 8885bf557ab2fa553cbbb690c7b5ad04e04e2d5a
SHA256 28dc13beed9d5f82eeffc193bc089a64111c9fedf4841d17dec11943bc8a11d7
SHA512 d184e0bb0fe652a44a496a4f07f81d9059f9ff62cd4c5451eae086494a4ae935304b4d1c6617019f3dfe93a7b5f55ff01fcafa178c30feb3e1e1ca017af44637

memory/2176-22-0x0000000000400000-0x000000000040A000-memory.dmp