Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-h8cr3atbrl
Target 15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N
SHA256 15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125

Threat Level: Likely malicious

The file 15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (1147) files with added filename extension

Renames multiple (5191) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:24

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:24

Reported

2024-10-16 07:26

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/1468-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 cd16c5bfefa1ca03eb6626836adf64d6
SHA1 1d733268053d73d559e42f8db053578014185274
SHA256 e8d5c4ea5e4e8d826645c65f064243968624cf8cb4697954c84c19fcc4baf0d2
SHA512 366bb3edc7580d6d977555259d8be1e68bc601ce9a896207c1d41d1994d82bef015816f5f51d4b6fe6f68be69811372cc03c0a7e06e116241f6632ba135830a8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 49ce8e8cf1796391d284a92ff2025417
SHA1 88caa3fe6dcc3c8d71a96279941f13cfe0c5af36
SHA256 b7e014a9ef1705b0be7f5d15521fa00d7b3bbca9629802f0db2f3340547772c7
SHA512 c99b88f3c050789ececb1f28e9c903d27754b688e8ae020cb979902c13a7a50b7a1d45e8b62c63d25e5b9cab5294ed7dd29b011bd81225f636dedcdb34486b8e

memory/1468-788-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:24

Reported

2024-10-16 07:26

Platform

win7-20241010-en

Max time kernel

150s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Signatures

Renames multiple (1147) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe

"C:\Users\Admin\AppData\Local\Temp\15d7ba76ff0bcf534fb40896d1e3ff6536083319b00074eea62b2b80d097e125N.exe"

Network

N/A

Files

memory/2596-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 7cffc653b01e47fbd34735221ffcabb4
SHA1 2f0bc965f846c116e85cf0c2604c675cd131d670
SHA256 c95e8808a28d1ba815f2dfdba519d9d2489c08a39f1f0337c7a626dfc325d085
SHA512 fa88d8de997c74faf41305e4500593e6ffa9b43110bed92738e40a5c9899befabe55dd70a3814d6cea639200fa183014250c976da59e35be0ebfc3d9f1ae8de0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a73f02a70796efcae83c456ae886e084
SHA1 e111563538fcdf94b152a1822fff588013769e95
SHA256 ab4e61f8951ec55ba5c46e0668218742615e27c6d085ffc03fd5878d6e7c06d1
SHA512 012dc7e2156fbc63de0c616f8090cb287155494aa51f886b82248e6952f16f0eb2689d08b11dc36d422e8573bd30aadbdfbd2b89bc7cb980d89b49d9b867aa76

memory/2596-20-0x0000000000400000-0x000000000040A000-memory.dmp