Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-xx3xfatbjb
Target c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN
SHA256 c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6c
Tags
discovery ransomware upx
score
9/10


Analysis Overview


Threat Level: Likely malicious

The file c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4685) files with added filename extension

Renames multiple (3458) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 19:14

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 19:14

Reported

2024-10-19 19:17

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Signatures

Renames multiple (4685) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Network

Country Destination Domain Proto

Files

memory/3240-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 72fb6e1165517caf07ed6449a54929d4
SHA1 7f3c85ae8b8c29f43b005b5f90dd00f1f18bbadc
SHA256 eaf81c6fd6e450e568e3f5824d978ed12d03e11358458972535d3041b8b584b3
SHA512 34af98363fa3b4a36e90b9cf21fde4c6f99d6b410f05504bb83400ab9462002f565f8803619e4ccaa5c6288e0155d07d9f40efde7ca8d8d814e76500e369c929

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8b19af8ad719de584a97b9c1ca4d7543
SHA1 dd403fdc8d9ec39423f3eb16b2be5bca583b44e5
SHA256 83585f99d801ce25045c03cf2cd767caede0ff717318af217d81e5be0ca18232
SHA512 8e718d5172d69359b4ac034210de0f0aea2faa1877c07ce963d87c3cc7ed686faaa0bc599d2a65902809b866cf6031f93ea2c6686aedeae1263e466e1f5ad2e5

memory/3240-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 19:14

Reported

2024-10-19 19:17

Platform

win7-20240903-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Signatures

Renames multiple (3458) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Network

N/A

Files

memory/2852-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 66e5517fda4f4ef63f66632c6ede2760
SHA1 12abfb7a36bad4a3bbc3b252310c98f22b6d2140
SHA256 c72b7dc626a8fd75d28d6e22a2cf49fc6209452158cdde2eab557f46e7d77a6f
SHA512 a063cb88bc90f3bd091795c0e14485aac3af1ba5dcd32627afa2b39187bfb2eb16af98e772087a3498154ab4fbf1a37fa1291a86853e43ebe848a8ea4c4e04dd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 09e4a087249c3f2d4b3470155963c561
SHA1 465188d340407fdad0f21dc3b8babe62c43a00e4
SHA256 90ab4a1ef960560b62c9c24f0ba95d7c9f0de2a2a9639ad2c03c4c2052e2b38d
SHA512 8b34182cbb269fb377950c19f2f60a17ace457c6520ccba0addd3707204cd455e9fc01e369c4d829a43f7b6198ae30a787382eefd630d5ae28805dd090ae1754

memory/2852-62-0x0000000000400000-0x000000000040B000-memory.dmp