Malware Analysis Report

2025-03-15 08:12

Sample ID 241016-h62y6syfmc
Target 15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N
SHA256 15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125

Threat Level: Likely malicious

The file 15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4651) files with added filename extension (behavioral2, win10v2004)

Renames multiple (3446) files with added filename extension (behavioral1, win7)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:21

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
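The two static signatures above (UPX section names present, no Authenticode signature attached) come straight from the PE headers. The following is an added example written for this page, not sandbox code and not the sample itself: parse_pe reads the section table and the security data directory, triage applies the two checks, and build_pe produces a constructed header-only PE image so the code runs offline (no such file exists in the report). Section names are a weak packer indicator, since a modified UPX build can rename them, and a populated security directory only says a signature blob is attached, not that it verifies.

```python
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the Authenticode blob


def parse_pe(data):
    """Return section names and the security (Authenticode) data directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+
        dirs = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    security = (0, 0)
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + size_opt                           # section table follows the optional header
    names = [struct.unpack_from("<8s", data, table + 40 * i)[0].rstrip(b"\0")
             for i in range(num_sections)]
    return {"sections": names, "security_dir": security}


def triage(data):
    """Reproduce the 'UPX packed file' and 'Unsigned PE' checks from the report."""
    info = parse_pe(data)
    return {
        "sections": [n.decode("ascii", "replace") for n in info["sections"]],
        "upx_packed": any(n in UPX_SECTION_NAMES for n in info["sections"]),
        # A non-empty security directory only means a signature blob is attached;
        # whether it verifies is a separate check (e.g. signtool verify /pa).
        "has_authenticode": info["security_dir"] != (0, 0),
    }


def build_pe(section_names, signed=False, pe32plus=False):
    """Constructed header-only PE image for testing; it is not the sample from the report."""
    size_opt, magic, dirs_off = (240, 0x20B, 112) if pe32plus else (224, 0x10B, 96)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dirs_off - 4, 16)                # NumberOfRvaAndSizes
    if signed:                                                    # pretend a WIN_CERTIFICATE is attached
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    sections = b"".join(struct.pack("<8s32x", name) for name in section_names)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(triage(target))
```

Run it with a path argument to check a real file; without one it triages the constructed UPX-style image. For the report's sample the next step after a positive UPX result would be `upx -d` on a copy, since the unpacked binary is what static analysis of the encryption routine needs.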

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:21

Reported

2024-10-16 07:23

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Signatures

Renames multiple (4651) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Internet Explorer\hmmapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\af.pak.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A

This key holds the system's default and install language IDs. Ransomware families commonly check the locale to avoid encrypting machines in particular regions; the report records only that the key was opened, not which value was read or whether execution depended on it.
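The signature tables above are the sandbox's Description / Indicator / Process / Target rows. The following added example (written for this page; it is not part of the report or of the sandbox) parses rows in that format and applies the heuristics behind the "Drops file in Program Files directory", "Renames multiple files with added filename extension" and "System Language Discovery" signatures: many new files across many directories, one appended extension dominating, and a read of the NLS\Language key. The indicators are copied from the rows above; the process path is shortened to sample.exe, and the thresholds are assumptions chosen for a 120-second sandbox window, not values the sandbox uses.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# One sandbox row: "<Description> <Indicator> <Process> <Target>". Paths contain spaces,
# so the process is recognised as the "X:\...exe" token that precedes the target column.
LINE_RE = re.compile(
    r"^(?P<desc>File created|Key opened)\s+"
    r"(?P<indicator>.+?)\s+"
    r"(?P<process>[A-Za-z]:\\.+?\.exe)\s+"
    r"(?P<target>\S+)$"
)

# Stand-in for the report's long sample filename (shortened for readability).
PROC = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"

# Indicators copied from the behavioral2 tables above; the rows themselves are rebuilt here.
SAMPLE_EVENTS = [
    ("File created", r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp"),
    ("File created", r"C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp"),
    ("File created", r"C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp"),
    ("File created", r"C:\Program Files\Internet Explorer\hmmapi.dll.tmp"),
    ("File created", r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp"),
    ("File created", r"C:\Program Files\7-Zip\readme.txt.tmp"),
    ("File created", r"C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat.tmp"),
    ("File created", r"C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp"),
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
]
SAMPLE_LINES = [f"{desc} {indicator} {PROC} N/A" for desc, indicator in SAMPLE_EVENTS]

NLS_LANGUAGE_SUFFIX = r"\CONTROL\NLS\LANGUAGE"  # ATT&CK T1614.001, System Language Discovery


def parse_line(line):
    """Split one sandbox row into its four columns, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def _new_stats():
    return {"files": 0, "dirs": set(), "appended_ext": Counter(), "lang_key_read": False}


def summarize(lines):
    """Aggregate file-creation and language-discovery evidence per process."""
    stats = defaultdict(_new_stats)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[ev["process"]]
        if ev["desc"] == "File created":
            path = PureWindowsPath(ev["indicator"])
            s["files"] += 1
            s["dirs"].add(str(path.parent))
            # "readme.txt.tmp": the original extension is .txt, the appended one is .tmp.
            if len(path.suffixes) >= 2:
                s["appended_ext"][path.suffix.lower()] += 1
        elif ev["desc"] == "Key opened" and ev["indicator"].upper().endswith(NLS_LANGUAGE_SUFFIX):
            s["lang_key_read"] = True
    return dict(stats)


def verdict(stats, min_files=20, min_dirs=3, dominance=0.9):
    """Turn per-process stats into findings (the thresholds are assumptions, not sandbox values)."""
    findings = {}
    for proc, s in stats.items():
        hits = []
        if s["files"] >= min_files and len(s["dirs"]) >= min_dirs:
            hits.append(f"mass file creation: {s['files']} files across {len(s['dirs'])} directories")
        total = sum(s["appended_ext"].values())
        if total and s["files"] >= min_files:
            ext, n = s["appended_ext"].most_common(1)[0]
            if n / total >= dominance:
                hits.append(f"uniform appended extension {ext} on {n}/{total} new files")
        if s["lang_key_read"]:
            hits.append("reads HKLM\\SYSTEM\\...\\Control\\NLS\\Language (system language discovery, T1614.001)")
        findings[proc] = hits
    return findings


if __name__ == "__main__":
    for proc, hits in verdict(summarize(SAMPLE_LINES), min_files=5).items():
        print(proc)
        for h in hits:
            print("  -", h)
```

With the report's full tables (64 rows per run plus the rename counts) the default thresholds fire on their own; the sample here carries only eight file rows, so the stand-alone run lowers min_files to 5. The appended-extension check is what separates ransomware from an installer or updater, which also writes many files but keeps their real extensions.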

Processes

C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Network

The rows below are the sandbox's capture for the whole session and carry no process attribution. PTR (in-addr.arpa) lookups to 8.8.8.8 and TLS to tse1.mm.bing.net, a Microsoft CDN host, are consistent with Windows 10 background activity, and no network signature fired in either run; do not treat these as command-and-control indicators without corroboration.

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/3012-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 31e3ef4bf7d3c3b275e75afc6d949544
SHA1 554c2f6565b71959048220d57e128143f75f4e5c
SHA256 f9528171b05a97c2d1745d69b4a9de04dbf0df24d83e729b9a78170d327b64f1
SHA512 365c608053f859fb3accc998477bc92cd7a4b0a6e3908c705f714f6ee3b55d14eabd6501ddfb42a879d58f6d4cf69f2a529207e0879a44ad4127c328562542e7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 03ba244e51698073db75ab9d7c088b25
SHA1 cf064c768290aa7a01f0c6fe235fe5a2800760aa
SHA256 b7291932c0cbd85a9980648e1bce818332f31dfafc800eb414c17e026f3f51fd
SHA512 9fa0586f207bd1e28d4888470f6cdbff2d14d652e48c37aa94824faed349acdeb501cc913b77fa7bde96f02acc152db70af1f505b2ce2585b64a4f4c0c82ed1f

memory/3012-787-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:21

Reported

2024-10-16 07:23

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Signatures

Renames multiple (3446) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\release.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\ExportCompare.emf.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Windows Defender\MSASCui.exe.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\ApproveUnpublish.MOD.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A
File created C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Network

N/A

Files

memory/2668-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 bb3ead518ff3cb94cc78b06121baa03a
SHA1 25aa84d9d7f57845acefe1c7c69fc2a6f5082057
SHA256 08322b0fc14409b799e05e8d02b65b7d348f1c407ff21e1d4b8c2349c512b30b
SHA512 03164c803b639e9f2a8e2122b7851103d808ed9a0e968dbe96481487e8f95686574c03af750e8f09d5b59c12d58345d17e0408a6ca80f3c9c6608dd6dedf8d9e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 005a6fb263810c4ba4a9c8b647aef8bf
SHA1 b0f913cd49c4590411844a14e8312ac290b3c5ac
SHA256 077d6110f5ca9a2dd43f870d62664ab0dc65d956e2224d101fc142f29778254e
SHA512 c85d2ad6352e85b5a0fb5512b0f5f2f71b5f99e45b94c1b70a9e559cf3c8c09e10e200d7896aa061874cf80d8a29740ddd8e5eec1293b30d0664d5b651585d2c

memory/2668-75-0x0000000000400000-0x000000000040A000-memory.dmp