Malware Analysis Report

2024-12-07 10:01

Sample ID 241114-dbgbrsxjhq
Target 4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe
SHA256 4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380
Tags discovery, ransomware, upx
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10
SHA256 4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380
Threat level Likely malicious

The file 4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe was found to be likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware, upx

Renames multiple (2891) files with added filename extension (behavioral1, Windows 7 run)
Renames multiple (3959) files with added filename extension (behavioral2, Windows 10 run)
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE

The two rename lines are the same signature firing in the two detonations below; the counts differ because the two guest images hold different file sets and both runs were capped at 120 s of kernel time. The mass rename plus the .tmp files written across Program Files is the behaviour that carries the 9/10 score; the packing and missing signature are supporting static observations.

MITRE ATT&CK

Enterprise Matrix V15

Mapped from the signatures in this report:

T1027.002  Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001  System Location Discovery: System Language Discovery (NLS\Language registry key opened)
T1486      Data Encrypted for Impact (ransomware signature: mass renames with added extension, .tmp files written under Program Files)

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:49

Signatures

UPX packed file
upx
The report records no indicator, process or target for this match.

Unsigned PE
The report records no indicator, process or target for this match.

On their own these two are weak signals: plenty of legitimate software ships UPX-packed or without an Authenticode signature. They matter here because they co-occur with the mass file renaming in the behavioural runs, and because the UPX layer hides the sample's imports and strings from static analysis until it is unpacked (upx -d is enough for an unmodified UPX layer; a stub that has been tampered with needs a manual dump after the unpacking loop).
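To show what the two static signatures above actually key on, here is an added Python example (editor-written, not the report's or the sandbox's own logic). It walks the PE section table and the security data directory with the standard library only: a stock UPX layer leaves its default section names, an all-virtual UPX0 section with zero raw size and a UPX1 section whose contents score close to 8 bits per byte, and an unsigned binary has an empty certificate-table entry. The PE it inspects is a minimal image constructed inside the block; the analysed sample is not embedded. The 7.0-bit entropy threshold, the finding labels and the section layout of the test image are the example's own choices.

```python
"""Static triage for the two static1 signatures: UPX packing (section names and
section entropy) and absence of an Authenticode signature. Standard library only;
the PE images inspected are constructed in this file, not the analysed sample."""
import math
import struct

SECURITY_DIR_INDEX = 4            # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: compressed or encrypted data sits near 8.0, native code around 5-6.5."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk: section table plus the security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # data directories: +96 PE32, +112 PE32+
    # for the security directory the first field is a *file* offset, not an RVA
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + SECURITY_DIR_INDEX * 8)
    sections = []
    table = opt + opt_size
    for i in range(num_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return {"sections": sections, "authenticode_offset": cert_off,
            "authenticode_size": cert_size}


def triage(data: bytes, entropy_threshold: float = 7.0) -> list:
    """Static findings a triage pipeline would attach to the file."""
    info = parse_pe(data)
    findings = []
    if {s["name"] for s in info["sections"]} & UPX_SECTION_NAMES:
        findings.append("upx_section_names")
    for s in info["sections"]:
        # UPX0 is the empty, all-virtual section the stub unpacks into; UPX1 holds the
        # compressed image, so it is the one that scores near 8 bits/byte
        if s["raw_size"] and s["entropy"] >= entropy_threshold:
            findings.append(f"high_entropy:{s['name']}")
    if info["authenticode_size"] == 0:
        findings.append("unsigned")
    return findings


def build_test_pe(sections, signed=False) -> bytes:
    """Constructed minimal PE32 image for exercising triage(); sections is a list of
    (name, raw_bytes, virtual_size). Not runnable code, headers only."""
    file_align, sect_align, opt_size = 0x200, 0x1000, 0xE0
    n = len(sections)
    headers_end = 0x40 + 4 + 20 + opt_size + 40 * n
    raw_ptr = (headers_end + file_align - 1) // file_align * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    if signed:  # fake a certificate-table entry; only its presence matters for this check
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, raw_ptr, 0x800)
    table, body, va, ptr = b"", b"", 0x1000, raw_ptr
    for name, raw, vsize in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                             len(padded), ptr if padded else 0, 0, 0, 0, 0, 0x60000020)
        body += padded
        ptr += len(padded)
        va += (max(vsize, len(padded)) + sect_align - 1) // sect_align * sect_align
    out = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return out + b"\0" * (raw_ptr - len(out)) + body


# Constructed inputs: a UPX-style layout and a plain, signed image.
UPX_LIKE = build_test_pe([("UPX0", b"", 0x10000),
                          ("UPX1", bytes(range(256)) * 8, 0x800),
                          (".rsrc", b"\0" * 0x100, 0x100)])
SIGNED_PLAIN = build_test_pe([(".text", b"\x90" * 0x100, 0x100)], signed=True)

if __name__ == "__main__":
    print(triage(UPX_LIKE))       # ['upx_section_names', 'high_entropy:UPX1', 'unsigned']
    print(triage(SIGNED_PLAIN))   # []
```

Section names are trivial to rename, so the entropy and raw-size shape of the sections is the more durable part of the check; a real pipeline would also hash the unpacked image after upx -d, since that hash, not the packed one, is what clusters samples.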

Analysis: behavioral2

Detonation Overview

Submitted        2024-11-14 02:49
Reported         2024-11-14 02:51
Platform         win10v2004-20241007-en
Max time kernel  120s
Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe"

Signatures

Renames multiple (3959) files with added filename extension
ransomware
3959 renames inside the 120 s kernel window, all from the sample's own process (see Processes below).

UPX packed file
upx
The report records four rows for this match, none with indicator, process or target details.

Drops file in Program Files directory

Every path below is an existing file under C:\Program Files with .tmp appended, created by the sample process. Together with the rename signature above this is consistent with an encrypt-to-temporary-file-then-rename loop. The targets include DLLs and EXEs (Java, .NET and Office runtime files), so the sample does not confine itself to user documents. The report lists 64 rows; the rename counter shows the run touched several thousand files, so treat this list as a sample.

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A

Caveat: reading NLS\Language is what the ordinary locale APIs do for any application, so this row is low-signal by itself. Ransomware families commonly use the system language to exclude certain regions, but the report records only that the key was opened, not what the sample did with the value.
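An added Python example (editor-written, not from the report or the sandbox) showing how the "Renames multiple files with added filename extension" signature above can be reproduced from file telemetry, and why the .tmp creations in the Program Files table are the same behaviour seen from the other side. It counts in-place renames that append an extension, per process, within a sliding window and alerts once a threshold is crossed. The events are constructed inline in the shape of a generic file-audit record (ts, pid, image, op, path, new_path); the threshold of 20 renames in 60 s, the .tmp suffix and the file names are assumptions chosen to mirror the rows above, and a three-file burst from a hypothetical installer is included to show that small benign rename bursts stay below the threshold.

```python
"""Detection for mass 'add extension' renames: per-process count of in-place renames
of the form <name> -> <name>.<ext> inside a sliding time window. Events are a generic
EDR/file-audit shape and are constructed below; they are not from the report."""
from collections import defaultdict, deque
import ntpath


def added_extension(old_path: str, new_path: str):
    """Suffix appended to the file name (e.g. '.tmp'), or None if the rename is not of that form."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                                  # moved elsewhere, not renamed in place
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") else None


def detect_mass_rename(events, threshold=20, window_s=60.0):
    """One alert per process that performed >= threshold add-extension renames within
    any window_s-second window. Installers and backup tools produce small bursts that
    stay under the threshold; an encryption loop crosses it within seconds."""
    recent = defaultdict(deque)      # pid -> timestamps of qualifying renames in the window
    stats, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] != "rename":
            continue
        ext = added_extension(ev["path"], ev["new_path"])
        if ext is None:
            continue
        pid = ev["pid"]
        q = recent[pid]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window_s:
            q.popleft()
        st = stats.setdefault(pid, {"image": ev["image"], "exts": set(), "dirs": set(), "total": 0})
        st["total"] += 1
        st["exts"].add(ext.lower())
        st["dirs"].add(ntpath.dirname(ev["path"]).lower())
        if len(q) >= threshold and pid not in alerts:
            alerts[pid] = {
                "pid": pid, "image": st["image"],
                "renames_in_window": len(q), "first_alert_ts": ev["ts"],
                "extensions": sorted(st["exts"]), "directories": len(st["dirs"]),
            }
    return list(alerts.values())


def build_sample_events():
    """Constructed telemetry (assumed shape, not report data): 40 in-place '.tmp' renames
    by the sample process, a 3-file burst from a hypothetical installer, and one plain
    rename that must be ignored."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe"
    events = []
    for i in range(40):
        p = rf"C:\Program Files\App{i % 4}\lib{i}.dll"
        events.append({"ts": 100.0 + i * 0.5, "pid": 636, "image": sample,
                       "op": "rename", "path": p, "new_path": p + ".tmp"})
    for i in range(3):
        p = rf"C:\Program Files\Installer\setup{i}.log"
        events.append({"ts": 100.0 + i, "pid": 1200, "image": r"C:\Windows\Temp\setup.exe",
                       "op": "rename", "path": p, "new_path": p + ".bak"})
    events.append({"ts": 101.0, "pid": 636, "image": sample, "op": "rename",
                   "path": r"C:\Users\Admin\notes.txt", "new_path": r"C:\Users\Admin\notes-old.txt"})
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(build_sample_events()):
        print(alert)
```

Keyed by process, the same pass yields the count, the extensions involved and how many directories were hit; tune the threshold against your own installer and backup traffic, and treat a burst that spans Program Files and user profile directories from a process launched out of %TEMP%, as in this report, as a high-confidence hit.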

Processes

C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe

"C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe"

The sample is the only process in the tree: no child processes were spawned, so none of the usual pre-encryption helpers (vssadmin, wmic, bcdedit, net stop) appear in this run. All file activity above is performed by the sample's own process.

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

All nine entries are reverse (PTR) lookups sent to 8.8.8.8; an in-addr.arpa name carries the address with its octets reversed, so 209.205.72.20.in-addr.arpa is the PTR query for 20.72.205.209. No forward lookups and no outbound connections are recorded, and the report does not attribute these queries to the sample process, so they should not be treated as command-and-control indicators without further evidence.

Files

memory/636-0-0x0000000000400000-0x000000000040A000-memory.dmp

The memory dumps cover the sample's image at 0x400000-0x40A000 (40 KiB) in PID 636 at two points in the run (636-0 here, 636-651 below); the later one is where to look for the unpacked code once the UPX stub has run. The .tmp files that follow are outputs written by the sample, so their hashes identify this run's artifacts rather than the sample itself.

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 994ea3f6caab41c0de88567c3afa5259
SHA1 87b4b7e3c1a43f2f91532299bf4008964399c34f
SHA256 c2630c5f5b741412f25301e7608d2ca14f42ae191e9306121743c493e22aeb8f
SHA512 134409e95b561ca888afcd698fe0efcab683664eb7af2240cacfa11989fb68d71ff4b3e177f7f500b963fa85f360fcdf3bca0e074ef4ec1b95d3d56777774f0d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f3a0211d4602c1b72f61fc3d6c6ed3f4
SHA1 06caab5bd554120a6b40332e0af64cbc027b5b03
SHA256 199264e541ae1ba143378efb09706dcb8da5bd3ed76d4ebed2e50daa8663070d
SHA512 8bc18aa56a156a1eb38cd44e3ebae39191fb2299bc7f3a444f0f874a396d972273d2ed2383d865c4dab4c79ef5cc21e90233fa6d19a368f7fce3a0a4ca06d79c

memory/636-651-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted        2024-11-14 02:49
Reported         2024-11-14 02:51
Platform         win7-20240903-en
Max time kernel  120s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe"

Signatures

Renames multiple (2891) files with added filename extension
ransomware
2891 renames inside the 120 s kernel window on the Windows 7 image.

UPX packed file
upx
The report records four rows for this match, none with indicator, process or target details.

Drops file in Program Files directory

Same .tmp pattern as the Windows 10 run; on this Windows 7 image the targets include Java 7, Office 14, Chrome, Firefox, DVD Maker and Windows games files, again a 64-row sample of a run that renamed several thousand files.

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Mozilla Firefox\nss3.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jre7\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe

"C:\Users\Admin\AppData\Local\Temp\4a10b339254d83b8bdc6a1a209b7faabafc13a2319a59ba4d215e362a4730380.exe"

Network

N/A (no network activity recorded in this run)

Files

memory/2068-0-0x0000000000400000-0x000000000040A000-memory.dmp

Dumps 2068-0 and 2068-75 cover the same 40 KiB image range for PID 2068 as in the Windows 10 run.

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 fe8ba3cf9e40a5fddcb4364d992c3e07
SHA1 68e710c534715acbdae1fe3d9c7cc7172cae47e8
SHA256 41ca08446c2bb3f0d82bd9c576484e47c3bbdca2a9808de3be0a57b72883f27a
SHA512 c61be7bef868a280b0143fba6c8fd5c24e7648fc5961813b25cac7ad051b977ffa0045cb2d232e413d5e9beb90b55928474c33a9f06d0485104a888357461356

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 be328e18ec23e622058db7136de5df3f
SHA1 0cfe5279b29bce5b7908843f8790096efb926fa5
SHA256 2412fc93959e2df7f933de3a3e9c7701955b1d8fd9e2a04ecc979dda2d1a1526
SHA512 f5d7a3cdd57c5a4838a7f8a6ece26ccc5096229f164d199272fa87af5a48744f914c941c19c968d28261b86809bf18a48804726164e57f71ed06b3e735b26cfb

memory/2068-75-0x0000000000400000-0x000000000040A000-memory.dmp