Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-j2qk1svelq
Target 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN
SHA256 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62f
Tags: discovery ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62f

Threat Level: Likely malicious

The file 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5242) files with added filename extension

Renames multiple (3897) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 08:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 08:10
Reported: 2024-10-16 08:12
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Signatures

Renames multiple (5242) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 d9242600488445821e48c0d3134a3b71
SHA1 384ecde31688ee66d4868efc2f70330230d434b5
SHA256 e2a15f606be65bda31b26f19971f5f6746a61199f3fd36026445d99891acd79f
SHA512 4dd31847bef857bc29bbaca34859dab0560ef74bfe361e23c20696d7cf291b8e61e401370844922dfb774e2eb8414e9db14aa8de4cb32b4ad62d25a82f4d3c4b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 373d9fb91b3bf6d8a57d2bcf91d8ebe1
SHA1 b194e6f3314cf772b2d3d10dedffd923ba2ee5eb
SHA256 76e7dc3b93a632f39b1b68d5444e01c5bb27bb50bdf0b0edf06fec68a3ad50da
SHA512 6bb11c1a6681b883e311c945b4de558a6ec3b9f79dcb7a3b23b6c9f8b74c1794d46a29b13ffcd2345accda8e48d08f0ae58c30b5e14ec79b01ee472f9da67361

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 08:10
Reported: 2024-10-16 08:12
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Signatures

Renames multiple (3897) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 c52df37b0becc04e4abb73dc2a7a187c
SHA1 8f14eec9dca802da1cd44f46ad4eb957049d6017
SHA256 631af5d08aed8682438a00fbce9c6ce0e624c7a9c3c7d723f613e9e09d4b4d6f
SHA512 09cc4552268e19997161affb094ece4378939d1579f8d7e8595734f9d1c96f25bb6f2565d56700569f0046c9cf4a1b1a3d785f001a8a2545d7682113518d4843

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 04a6dc4ea0856f64020c5554d0326cba
SHA1 09c5d3e601c80e701bbfafdcec30f8dc720167c8
SHA256 314a629ac59e9ff71d3940700cdce64ff19d7d86d7a8f5ec7975e7c93bdb7351
SHA512 88c448377b6fa9d0df4da11514e54d58a140f217f8e5a7f3b6041f2fb6046fd061b184eddbec424ad7873c341608e2e0321edeabe1910e52fc167e7df9c5f189