Malware Analysis Report

2025-03-15 08:17

Sample ID: 241016-evwfgawemq
Target: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN
SHA256: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075c
Tags: discovery, ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075c

Threat Level: Likely malicious

The file 6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3071) files with added filename extension

Renames multiple (4320) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 04:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 04:16

Reported: 2024-10-16 04:18

Platform: win10v2004-20241007-en

Max time kernel: 120s

Max time network: 105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe"

Signatures

Renames multiple (4320) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe

"C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 e551922c1896389ccc8b3898e1a178f9
SHA1 50c2e4d98961e7395c9117962d76dd03ddf90a5c
SHA256 aee007d52e4a1ba3abae271dd6fb1ec950d0db449332e1209c5766b17e58179b
SHA512 9658033d6df3e89fecfa05721b3d1bc762cf89234270686fd2d9e1e8960e4bb0839b8b790b43f661a8a2db10e94b5d070299f2c81f46bd325fa90983f791a01f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e191b3eddb87c99db683a4fce48bdbcc
SHA1 ec2430eaa4485ad6a331d8b03d2172d48d10f13c
SHA256 934a4a83822786287a59fc485d6a68d827576d7e004813131caf86e92bae43f4
SHA512 3f3aa4681cdd3c8236176a1df45f717dd7b9520550404e6227c62118350f1692f85d3e0a781c3b0b1e85054733b22fb785eba1f0943a00a003e5656e733841fa

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 04:16

Reported: 2024-10-16 04:18

Platform: win7-20240903-en

Max time kernel: 120s

Max time network: 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe"

Signatures

Renames multiple (3071) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe

"C:\Users\Admin\AppData\Local\Temp\6b56384ad00d277ee65381a1816c3845b3623b6b836dd01bcab43bd341df075cN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 c491caa0504f5b8d171f969ac895ad8e
SHA1 46bbdf15ebe597618780c726c128d5fc8874d2f7
SHA256 18bd98f06f5759993c52494463a5390983030d4e13d59a4de0efa12417e624f5
SHA512 8d5aa7173b3a0b4cc0595cd379436b49cbf92f6c71ab0fe121eb5c5b1b889ccddd7ea2ea27857025539ad8dfaa4c26be1a15c86150397e2c7c016ac3e2f19b0b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3408464349497ac9921ce07c0d58f513
SHA1 584c62e11ef68afb57c7b39e41dd030f93e3791a
SHA256 bd3273effc295f999ec1fdb0ab3a8b7d6d4fe863961049d7a0f3460ff83d5980
SHA512 cc2b54e08debfce8f20c6094983e6cdc8eec84b0b982ea39c034c6572b0008f0415a4b380722d70af15dd1f9f6c0e23d4c2b698f90aaa1409666c1941da2f7ee