Malware Analysis Report

2025-01-22 19:54

Sample ID 241016-1bffssxcrj
Target 62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e
SHA256 62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e
Tags discovery ransomware upx
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10
SHA256 62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e

Threat Level: Likely malicious

The file 62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (5006) files with added filename extension

Renames multiple (3488) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-16 21:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 21:28
Reported 2024-10-16 21:30
Platform win10v2004-20241007-en
Max time kernel 149s
Max time network 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe"

Signatures

Renames multiple (5006) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe

"C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe"

Network

Country Destination Domain Proto

Files

memory/3652-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 ef714e88de47918ef1bd4e9139511a3e
SHA1 aa12aa70af2b0db6deea7f5b83329951a7fcc4f2
SHA256 609a1809e331167d0572a168ba79a73ae3963d50dc6fd41881d5b598b03a2ec2
SHA512 cc62c1396af90952c0ce4fc8b3820caeeda93f24faf655950e727e5a658d6f2de86b1d52cc7703d14b30a34c3d1cfa505a6c45d516bba3ac094d5ded2beba0bc

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0ec5fee15e0faf70a89c991e935c8bd2
SHA1 41a6187a7df11a2ff02f0bee68a2cc00393f04c7
SHA256 4d4a40b2dae05068fb53c237ca74eeb527806ad9b41769080e3e6626ceec2222
SHA512 a4dced1513d51d87f944ff6a9ef95291d4e2efa5f12b93102397684ff7b2435619ae8c9fec48cbf96f90e7c1f1843a9201be70c66d0a9acc38c1c39d66792ab8

memory/3652-658-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 21:28
Reported 2024-10-16 21:30
Platform win7-20240903-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe"

Signatures

Renames multiple (3488) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe

"C:\Users\Admin\AppData\Local\Temp\62c5712e96e6a68215ad210ea60ba0cdea4c336369173b9289035f142227810e.exe"

Network

N/A

Files

memory/2516-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 6f8c2df05b2f82efcbf2e45d593d7a08
SHA1 1ccd566d3d5e3a7fb064bc9ab7c7a4d2d6840925
SHA256 a6a2d85f5a21f061c3e7263ba543a96f477b7e70cb33533f458888f03f333936
SHA512 bfe5dd7a621c67cbc0b74527539d4df0656cd638b553303a5a38de877733b331fc982e86ebe1ca635fa0c1feb3ef7b052abadbf24c3f10bb321ebd8c7717450d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6c8b74d272f6239e7b648fedc0a648ed
SHA1 0589fd162dfb5f018bd267016efd27f3797a932c
SHA256 8f62e691cb1be1ec78f9fba0c8273859a130c995b5bf0fb15cbf11ac4949b2bb
SHA512 5ba944741e7b18ce4552d7e7cfd705e85c6337a218c82b02f4db7a735b812523013d664a4774771e0c681b17f4c5169a9406eba3d1df01388b796beda5750ae9

memory/2516-70-0x0000000000400000-0x000000000040B000-memory.dmp