Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-el3hes1hkd
Target ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N
SHA256 ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6

Threat Level: Likely malicious

The file ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3166) files with added filename extension

Renames multiple (4302) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 04:02

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 04:02

Reported

2024-10-16 04:04

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe"

Signatures

Renames multiple (4302) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe

"C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/1440-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 246593a74a7468787398726739966b81
SHA1 d2cc29b02427785dc0da1a263c7c4f970025bcd1
SHA256 9992d2879bb25279fdf4e953ba551713ee7f985f2bbe5f3611c0fc0d083fdfc8
SHA512 d9a5de01af907a14ca51c00cebe695bc8ae3994cfe759798b4d9d17bd077bc9161d1c85c4f80378d1e59886873e9565d3b473cc54367a0bff3c04c7e93d65aec

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ac1512ead3883a3e7188a609d57a0afa
SHA1 2c206ce9bce8a75fbf77878beee77c3ea958a714
SHA256 8fe1aae92f6035110b59a13a8e28a4fd597199b18659ebe7b66c448653372ba5
SHA512 f9d5c8ac299c0c5e98abef4a793fda58831b5151c9ac68c2fe8b57fd9dd128653cb4f310749734aacb5c61ca292cfe76816c67c8cac44b3ca2f9d2063bd9dcad

memory/1440-658-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 04:02

Reported

2024-10-16 04:04

Platform

win7-20240729-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe"

Signatures

Renames multiple (3166) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Java\jre7\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe

"C:\Users\Admin\AppData\Local\Temp\ae55a1547a7a5c35866d23c30d11d703388783cab6d42e11912651cf948fada6N.exe"

Network

N/A

Files

memory/2188-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 f25dcf41e809dffb7ec13d77b1c6e9cc
SHA1 51457e38bffc2561ac4b65fd04318c20c2aba133
SHA256 3c1677b99250aefd7f751261cf5444b12700914ad1ff65ecb8c8eed0e32c67ac
SHA512 d0b996c97d99fb0547dbbdee09c726c363b5ee2a507cd3e571f4ad2a5943d54c9642ff5924e2919f837bb77b06eaadf2e29b6ff57c444eba814f64b378891169

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5fe95768da8dde9086794f5d9604357a
SHA1 a07c20db9cf45bb1860264d21d88957c65c6832f
SHA256 641168856786252913bf19413ac3a6162884364c172b51d9bfc8e8b4b8097655
SHA512 00e408b42667aaba7a6bcf6820fbc06918759e3b7c5b2255216e72fabebae142df8e3e322be67fafebc27dcfbf7459f782887118470d5bf98a0b144da35b4b13

memory/2188-70-0x0000000000400000-0x000000000040B000-memory.dmp