Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-yp4z7swcjc
Target 50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N
SHA256 50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85
Tags
discovery ransomware upx
score
9/10

Analysis Overview

score
9/10

SHA256

50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85

Threat Level: Likely malicious

The file 50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4651) files with added filename extension

Renames multiple (3461) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:58

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:58

Reported

2024-10-05 20:00

Platform

win10v2004-20240802-en

Max time kernel

119s

Max time network

114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe"

Signatures

Renames multiple (4651) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe

"C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe"

Network


Files

memory/1932-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

MD5 3697ea3ae27eae6a120f5a1d9ed44f60
SHA1 528562a342974d8235017738543a848e0e6efee5
SHA256 1e1a2471e365e719d11f3b057f093dd349a841216160fe59a4d2b085531ff329
SHA512 f1772d120744fc1b24211f77581ed32da88200bfa49eb569f13e38f9e17613f549be43038b67a5aaee4bcaab3d96c520738b66f36dcc050640d6d502fa5431ae

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 965fa52ba6745219e26cf44de6fd3b94
SHA1 69690f823ce06a61f673be231b25ada22fefa90e
SHA256 606552223d31270ac98d6d8b366ac969e6d4d87cfbe37eb58f618b87f7515f82
SHA512 85fca811fbe8d297e3402958ae92e26636bf6f8eddca397dc318d7468c183612ae7980885de0e6398dd5919d7eb102e316f38dc8c967d6a19ba9fbe1feda8508

memory/1932-911-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:58

Reported

2024-10-05 20:00

Platform

win7-20240903-en

Max time kernel

120s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe"

Signatures

Renames multiple (3461) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe

"C:\Users\Admin\AppData\Local\Temp\50ebd16bcc211486db9a2d0daf564e952656b9251c328465d780df956695de85N.exe"

Network

N/A

Files

memory/2380-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 17cc34e77ecee1f20cc9984eb7a4f3da
SHA1 20c3e8c9db7b31d6f824d881658a57f114e8f8f9
SHA256 1c4c60a4c7d593454175ff4527d254a43a33c466ca3e39443f577717a6c9bc55
SHA512 230af2d1a6e4f14ce5d2f306ff735c1ae23134d4c96759993b7468da69a7b51e403adf04695093db9fca04c1289525467cd5fd88dd426bbb1c950053a093eb8b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f51a35981911c1d428909e1a4f28a045
SHA1 45f16336efadf3fb28987f466329530d9c56dca8
SHA256 0d9868dcc6827774edc4d9859edb9e4a2ce8e71bf209117b0dd3a9870aa9a633
SHA512 cc3e357ee2c214e369c4483e05e1d136b90c09fa5ec34cf4c610a7f17b95079d5ae97cfd7bea11fa789f279701ffb2c6a673e383b255c8cd6d7cffc52ec908de

memory/2380-75-0x0000000000400000-0x000000000040A000-memory.dmp