Malware Analysis Report

2025-01-22 20:18

Sample ID: 241020-ddntmavdpa
Target: 00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N
SHA256: 00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0
Tags: discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0

Threat Level: Likely malicious

The file 00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple (3269) files with added filename extension

Renames multiple (4538) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 02:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 02:53

Reported: 2024-10-20 02:55

Platform: win10v2004-20241007-en

Max time kernel: 120s

Max time network: 111s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe"

Signatures

Renames multiple (4538) files with added filename extension

Tag: ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe

"C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 b43e72d0ed170b7e84a314423558bb90
SHA1 68e4c17703580135e76c77759d44239cb04d955c
SHA256 4c832461f30197bf6098695e5ff90a78535e0618719c87589d73cda8329d6dc2
SHA512 5663b4fc4899d65719e00e5a9f23bb12528c807466c6f7d30f3588c07f0d52c1d5cc20593a48cc1f4fc3c5f4cb994a4f01b86a987339afdb4dac98d8e6531815

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 301b47a02580d06103cc4e2d8653916c
SHA1 3f5c838385fb1c61b1f8f8421bef20706bebbe1f
SHA256 f7c07b326a5594d131efc3e71df3c99c399a26475e387b0a0314cd50c10bdc70
SHA512 030224b65598af24ac914e201ae541c915ea9875f6152807558ae753eb19d33cdb531c580b2faa5351b77312575593cd82071b3714fb23530b9e7b0f3753e64b

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 02:53

Reported: 2024-10-20 02:55

Platform: win7-20240903-en

Max time kernel: 119s

Max time network: 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe"

Signatures

Renames multiple (3269) files with added filename extension

Tag: ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Mozilla Firefox\application.ini.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\UndoSearch.svg.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe

"C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0da7f284c276e842f30507a2b831768b
SHA1 252142eb126c183540f4b9a83e85df430d40b9cd
SHA256 dfa20c70fc6b862017923fc40115de698ff953bce495851cc9223ab25ad6827d
SHA512 dc2b60528e2c9575047c0d89dae68fc942b39c98593c9a0d40eabe120014adcdd707841a0fb0a155b53fdb05409422d33daffd184aaa4b24175570fbe4543d0b

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 e2cb3a7376203268fda5dbb5b4bcab51
SHA1 556fe099f5d61b28a74ee2ff27e976add3606595
SHA256 f8061283ae11af3427279669ede41b19847b5f2e6877a15b111697bef044508d
SHA512 a4a9ac05541fe3698936b73038aa1c19781b6168626fa20e751f277c4f3a46a2035fb22cf0fa3cc522ee0a9e33cc749ce78344cf1228af3e8641ca500c9a160f