I went to the exploit url.
I viewed the active process list
then, I checked the list of unrecognized files
0.7980349292412589.exe is in the list, but C2.tmp and C3.tmp are not.
Please check whether it is a bug for the unrecognized files list.
I think that the unrecognized file list only add certain type of files.
I don’t think they need to be becasue the parent process is, it will not add anything else that is spaws because it is already treated as unknown and everything else it opens will automatically be treated as unknown also.
I noticed that .tmp files are usually treated as trusted… it is right?
I noticed that when I was running some malware without sandbox, only D+.