Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-mftmbstbqc
Target 6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N
SHA256 6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55

Threat Level: Likely malicious

The file 6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3774) files with added filename extension

Renames multiple (5189) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 10:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 10:24

Reported

2024-10-06 10:27

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe"

Signatures

Renames multiple (5189) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado15.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\7-Zip\Lang\af.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Internet Explorer\sqmapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe

"C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

MD5 af27e46c6980df3f44480b3092023445
SHA1 dc6427389de591826c1591babbf222a26f5d5708
SHA256 3fa733bf23cb953b2c614b71e1e3f5c7be3d3aad92d79d7d2fea56e284421e31
SHA512 4b9705a21a82221f5c977ef37295e21e9f3bca0b4236ee05b95d659bf5d2914852a03f159947c6834072b86e26a59c00f93e117e00e5376e19f7638291b777a3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a1ae83043b79db0c150aa5a14bc14160
SHA1 26637f7ea828b211c30bc70fc8c02ed499d85fde
SHA256 87c3a40ab7a06a0e97f8760ab93ec8f51eaea42d1b74342c8244f8fe16b35802
SHA512 b6e4dabb7131ece317fe2fa7045ab0ddba90dbac6a8feafc8c028891537b4218bff9aa7dd7427e9fb47d9e00de6bb9c08cd16986050e727b64b3af312db06582

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 10:24

Reported

2024-10-06 10:27

Platform

win7-20240704-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe"

Signatures

Renames multiple (3774) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\VideoLAN\VLC\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre7\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre7\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACER3X.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FLT.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre7\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe

"C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

MD5 3e1ead459b68153bddbead48649ee11a
SHA1 87f44a68ce7e53cdf4e04d0e75ecab4265b999fc
SHA256 c25f06d801ea92d5db280eee037263d4277f477685a6165f36ca72c937ab23ab
SHA512 8dbc876e0685c3ebb2fdbdd75f8e7eae51422a809a571c3f6be9c0d86544b351c0424aad48d4661e3c5929af1b88e3fc284531954cfef02216874ad142a5dae7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d836fc4eb9df04121d987ce9c315878b
SHA1 d614d4d9785a86f87283738fa8e41a5add6ed7fa
SHA256 2624deb943995b39ac5ca6bd85471798d19f39cd85c1687926569d6d0b7c7242
SHA512 a62a02798b2fa58eebcd3e96b09525be6efe7ac19eee720bed5ff5c4017c108b5da060a831d18f10ced58e18190911559f193b300104795c28f6da09ee5caa67