Malware Analysis Report

2025-01-22 20:35

Sample ID: 241019-z4zjpszanh
Target: e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N
SHA256: e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24
Tags: discovery ransomware upx
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10
SHA256: e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24
Threat Level: Likely malicious

The file e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (2805) files with added filename extension (behavioral1, win7-20240903-en)

Renames multiple (4071) files with added filename extension (behavioral2, win10v2004-20241007-en)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-19 21:16

Signatures

UPX packed file [upx]: 1 indicator row, all fields N/A

Unsigned PE: 1 indicator row, all fields N/A
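The static run only reports the tag, not what it matched on. The script below is an added example (not the sandbox's rule and not code from the report) of the checks an analyst would run to reproduce a "UPX packed file" verdict on a PE without any third-party library: UPX section names, an empty first section the stub unpacks into, the "UPX!" marker, and per-section entropy. The sample's bytes are not available here, so build_fake_pe() constructs a minimal, non-executable PE skeleton for illustration; the section name list and the 7.0 entropy threshold are the analyst's own heuristics.

```python
"""Static check behind the 'UPX packed file' signature: parse the PE section
table by hand and look for UPX's characteristic layout.

Added example, not part of the sandbox report. build_fake_pe() builds a
constructed test input (a header-only PE skeleton) with either a UPX-style
or a plain section table; the heuristics are the analyst's, not the sandbox's."""
import math
import random
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_sections(pe: bytes) -> list:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Returns [(name, virtual_size, raw_size, raw_offset, characteristics)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symtab, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size                      # COFF header is 20 bytes
    sections = []
    for i in range(nsec):                             # each section header is 40 bytes
        name, vsize, _va, rsize, rptr, _r, _l, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + i * 40)
        sections.append((name.rstrip(b"\0"), vsize, rsize, rptr, chars))
    return sections

def upx_indicators(pe: bytes) -> dict:
    """Three cheap signals: UPX section names; an empty first section (raw size 0,
    large virtual size) that the stub decompresses into; and a high-entropy section
    holding the compressed image. 'UPX!' is the packer's own header marker."""
    sections = parse_sections(pe)
    names = [s[0].decode("latin-1") for s in sections]
    entropy = {n: round(shannon_entropy(pe[s[3]:s[3] + s[2]]), 2) for n, s in zip(names, sections)}
    upx_names = [n for n, s in zip(names, sections) if s[0] in UPX_SECTION_NAMES]
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    marker = b"UPX!" in pe
    return {
        "section_names": names,
        "upx_sections": upx_names,
        "empty_first_section": empty_first,
        "upx_marker": marker,
        "section_entropy": entropy,
        "high_entropy_sections": [n for n, e in entropy.items() if e > 7.0],
        "likely_upx": bool(upx_names) or (marker and empty_first),
    }

def build_fake_pe(upx: bool = True) -> bytes:
    """Constructed test input (not the report's sample): a minimal PE skeleton
    with either a UPX0/UPX1/.rsrc section table or a plain .text/.data/.rsrc one."""
    rnd = random.Random(1)                            # deterministic filler bytes
    if upx:
        body = b"UPX!" + bytes(rnd.getrandbits(8) for _ in range(4092))   # "compressed" image
        layout = [(b"UPX0", 0x7000, 0x1000, 0, 0xE0000080),               # empty unpack target
                  (b"UPX1", 0x1000, 0x8000, len(body), 0xE0000040)]
    else:
        body = b"\x90\xC3" * 2048                     # NOP/RET filler: low entropy, like plain code
        layout = [(b".text", 0x1000, 0x1000, len(body), 0x60000020),
                  (b".data", 0x1000, 0x2000, 0, 0xC0000040)]
    rsrc = b"\0" * 512
    layout.append((b".rsrc", 0x200, 0x9000, len(rsrc), 0x40000040))
    e_lfanew, opt_size, raw_base = 0x80, 0xE0, 0x400  # PE32 optional header, 0x400 file alignment
    img = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, 0x0102)
    img += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # optional header, mostly zero
    cursor = raw_base
    for name, vsize, va, rsize, chars in layout:
        rptr = cursor if rsize else 0
        img += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, rptr, 0, 0, 0, 0, chars)
        cursor += rsize
    img += b"\0" * (raw_base - len(img))              # pad headers up to the first raw section
    img += body + rsrc
    return bytes(img)

if __name__ == "__main__":
    for label, flag in (("upx-style", True), ("plain", False)):
        print(label, upx_indicators(build_fake_pe(flag)))
```

The tag on its own is weak evidence: plenty of legitimate software ships UPX-packed, which is why the sandbox scores it alongside the rename behaviour rather than alone. For a stock UPX build, `upx -d` restores the original image for static analysis; a modified stub or stripped header breaks that and the memory dumps taken after the stub has run (the `memory/...-memory.dmp` entries below) become the practical route.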

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-19 21:16
Reported: 2024-10-19 21:19
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe"

Signatures

Renames multiple (4071) files with added filename extension [ransomware]

UPX packed file [upx]: 4 indicator rows, all fields N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A

System Location Discovery: System Language Discovery [discovery]
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe

"C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 28.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
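Nothing in this table is attributed to the sample's process, and the win7 run below recorded no network activity at all, so the rows need triage before they count as IoCs. The helper below is an added example (not part of the report) that turns the in-addr.arpa names back into the IPs the guest reverse-resolved, groups the TCP connections, and checks whether any PTR-queried IP is simply one the guest had just connected to. The rows are copied from the table above; the background-hostname allowlist is an analyst assumption, not something the sandbox asserts.

```python
"""Triage helper for a sandbox Network table: separate reverse lookups,
forward lookups and real connections, and cross-reference them.

Added example, not part of the sandbox report. ROWS is copied from the
behavioral2 Network table; KNOWN_BACKGROUND is an analyst's allowlist
assumption (hosts a stock Windows 10 guest contacts on its own)."""
import ipaddress
from collections import defaultdict

ROWS = """
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 28.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
""".strip().splitlines()

# Assumption: Bing's image CDN, contacted by the Windows shell without user action.
KNOWN_BACKGROUND = {"tse1.mm.bing.net"}

def ptr_to_ip(name: str):
    """'232.168.11.51.in-addr.arpa' -> '51.11.168.232'; None if not a PTR name."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ipaddress.AddressValueError:
        return None

def parse_network_rows(rows):
    """Rows are 'Country Destination Domain Proto' with Destination as ip:port."""
    events = []
    for row in rows:
        parts = row.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        host, _, port = dest.rpartition(":")
        events.append({"country": country, "ip": host, "port": int(port),
                       "domain": domain, "proto": proto})
    return events

def summarize(events, known_background=KNOWN_BACKGROUND) -> dict:
    ptr_ips, forward, conns, unexplained = [], [], defaultdict(int), []
    for ev in events:
        is_dns = ev["port"] == 53 and ev["proto"] == "udp"
        ip = ptr_to_ip(ev["domain"]) if is_dns else None
        if ip:                                   # reverse lookup: record the queried IP
            if ip not in ptr_ips:
                ptr_ips.append(ip)
            continue
        if is_dns:
            forward.append(ev["domain"])
        else:
            conns[(f"{ev['ip']}:{ev['port']}", ev["domain"], ev["proto"])] += 1
        if ev["domain"] not in known_background:
            unexplained.append(ev)
    # A PTR query for an IP the guest just connected to is the OS naming its own
    # connections, not the sample reaching out to that address.
    conn_ips = {dest.rsplit(":", 1)[0] for dest, _, _ in conns}
    return {
        "ptr_lookups": ptr_ips,
        "forward_lookups": forward,
        "connections": {f"{d} {dom} {p}": n for (d, dom, p), n in conns.items()},
        "ptr_of_own_connections": sorted(ip for ip in ptr_ips if ip in conn_ips),
        "unexplained": unexplained,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_network_rows(ROWS)).items():
        print(f"{key}: {value}")
```

With the allowlist applied, nothing is left unexplained, and the last PTR row resolves to 150.171.27.10, the same address the guest had just opened five TLS connections to. Treat the table as guest background unless process-level network attribution says otherwise.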

Files

memory/336-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 7a78dec75a7b11b99f3102dc10debc44
SHA1 84b88cd05d537940bc4965fa263d20c5d5353e51
SHA256 34017b18379d642221f3f5f08aaef3f54767b8dda7cf84fc33e72c23c980980e
SHA512 6eaddde39bc70e73c0a9fb7313b3fd36a7fd848be98a5971dc4b97c11ad7713bebed12cf3c438ca1cbcadc2dc32a44c6c7f4d6f98e60f33c6983db16a1693f2c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7084fa0f57303f377b80244dd24f82cb
SHA1 35451eb3900f52424f4632be249a3d1b087340cd
SHA256 aba7124b6469f1fc18b7727dbb503250ec2b43f76b377213cd45bc0640f044ae
SHA512 01da17527ed9777b1375fba3c963f1a8616bfe315872830f5c14631e9ad119cb515930900ae3558479ccfd1c172ecd4d1a1baba5441f7637c43b5bf52efbdb7a

memory/336-656-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-19 21:16
Reported: 2024-10-19 21:19
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe"

Signatures

Renames multiple (2805) files with added filename extension [ransomware]

UPX packed file [upx]: 4 indicator rows, all fields N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\DismountStep.mp2.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A
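The "Renames multiple (N) files with added filename extension" signature fires in both runs (2805 files on win7, 4071 on win10), and the "Drops file in Program Files directory" tables for both show the same pattern: one process writing `<original name>.<original ext>.tmp` across unrelated trees (Office licences, Java, Chrome, Internet Explorer, the Recycle Bin). The script below is an added example (not the sandbox's detection and not code from the report) of that logic run over rows in the same shape as these tables. The rows are a constructed sample modelled on the report with the process name shortened to `sample.exe`, plus a few installer-style rows to show what the thresholds exclude; the thresholds themselves are illustrative assumptions. Note that the report records only the creation of the `.tmp` paths, not whether they are later renamed back, so the extension victims end up with is not established here.

```python
"""Detection logic for the 'Renames multiple files with added filename
extension' signature, run over 'File created <target> <process> N/A' rows.

Added example, not part of the sandbox report. SAMPLE_ROWS is a constructed
sample modelled on the report's tables (paths shortened); min_files/min_dirs
are illustrative thresholds, not the sandbox's."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the process column is a drive-letter path ending in .exe, as in the report.
ROW_RE = re.compile(r"^File created (?P<target>.+?) (?P<process>[A-Za-z]:\\.+?\.exe) N/A$")

SAMPLE_ROWS = r"""
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\MSI4F2A.tmp C:\Windows\System32\msiexec.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\old_chrome.exe.tmp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome.dll C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
""".strip().splitlines()

def parse_rows(rows):
    """Return [(target_path, process_path)] for rows that match the table format."""
    events = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            events.append((m["target"], m["process"]))
    return events

def added_extension(path: str):
    """If the filename looks like <name>.<ext>.<added>, return (name.ext, .added).
    A lone .tmp (installer scratch file) or a file with no original extension
    gives None; extension-less originals are a known blind spot of this heuristic."""
    p = PureWindowsPath(path)
    suffixes = p.suffixes
    if len(suffixes) >= 2:
        return p.name[: -len(suffixes[-1])], suffixes[-1].lower()
    return None

def mass_rename_candidates(events, min_files=50, min_dirs=10):
    """Per process and per appended extension, count distinct files and distinct
    directories; breadth across unrelated directories is what separates an
    encryptor from an installer writing .tmp files in its own folder."""
    buckets = defaultdict(lambda: {"files": set(), "dirs": set()})
    for target, proc in events:
        hit = added_extension(target)
        if not hit:
            continue
        _orig, ext = hit
        b = buckets[(proc, ext)]
        b["files"].add(target.lower())
        b["dirs"].add(str(PureWindowsPath(target).parent).lower())
    findings = [
        {"process": proc, "extension": ext,
         "files": len(b["files"]), "directories": len(b["dirs"])}
        for (proc, ext), b in buckets.items()
        if len(b["files"]) >= min_files and len(b["dirs"]) >= min_dirs
    ]
    return sorted(findings, key=lambda f: -f["files"])

if __name__ == "__main__":
    # Thresholds lowered for the small constructed sample; the report's real
    # counts (2805 and 4071 files) would clear the defaults by a wide margin.
    for finding in mass_rename_candidates(parse_rows(SAMPLE_ROWS), min_files=6, min_dirs=4):
        print(finding)
```

In production this would be keyed on a time window as well (thousands of creates in under two minutes, as the kernel times in both runs imply) and correlated with the reads of the original files, but the two counts above are already enough to separate the sample from `msiexec.exe` and a browser updater writing a single `.exe.tmp` in its own directory.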

System Location Discovery: System Language Discovery [discovery]
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe

"C:\Users\Admin\AppData\Local\Temp\e5977cc4ae60ce2604073abc22462d286c6b390732a73e6507ea2a550f764a24N.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7e40b3ed55092331d9f6f6505f2b6429
SHA1 570ccdee081bbc7fd0ebfd99adc479c23d991e2e
SHA256 9c2f08b88dc34077e693331d8ea34f5556426e3037fe75cb0357ff05ca3bfe80
SHA512 6348d7773b81b690246edac011004905e5731dd4b4bc185268973a1eaf5326959d60ce6286e8d74a6daff06b43631a364d59ebdf1f7971e0f23ae6391035c647

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 288fec78093834cdbb182e1609e24a24
SHA1 6338b5ec4ac9b415fbc15d18f6e959c6904a7ec3
SHA256 07dd029be71036b980f07b6cf9a6d7e5d5dcee8383c79b4e8f0a23ce94bff578
SHA512 116f95bc7270ef3bc90824e78130af2b8e0d529c4e111d18ed9a342f6b0e53950da3f468170e4fb2ffee1b5fabeb75b8ab7f96f4cb48a499f5a8540945c031f9

memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp

memory/3000-70-0x0000000000400000-0x000000000040B000-memory.dmp