Malware Analysis Report

2025-08-11 01:47

Sample ID 241005-x5rt5svenb
Target e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N
SHA256 e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2
Tags: upx discovery ransomware

Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2

Threat Level: Likely malicious

The file e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx discovery ransomware

Renames multiple (4300) files with added filename extension (behavioral2, Windows 10)

Renames multiple (2842) files with added filename extension (behavioral1, Windows 7)

UPX packed file

Drops file in Program Files directory (every dropped file is an existing file's path with .tmp appended)

System Location Discovery: System Language Discovery (opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Unsigned PE

What the runs do not show matters as much for triage. In both detonations the sample runs as a single process with no child processes, no persistence, no shadow-copy deletion and no ransom note recorded; the Windows 7 run has no network activity, and the Windows 10 connections are not attributed to the sample process. The ransomware verdict therefore rests on the mass-rename signature and the .tmp files written next to targeted files under Program Files, MSOCache and $Recycle.Bin. The language-key read is a weak indicator on its own (many benign programs read it), but it is the check ransomware families commonly use to skip systems in excluded locales. Each run also captured the sample's 44 KiB image region (0x400000-0x40B000) twice; since UPX unpacks in place within the image, the later of the two dumps is the natural place to look for the unpacked code.

MITRE ATT&CK

Enterprise Matrix V15. The report's technique table is empty; the mapping below follows from the signature names above:

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (NLS\Language key opened)
T1486 Data Encrypted for Impact (Renames multiple files with added filename extension)

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:26

Signatures

UPX packed file

Tag: upx. Indicator table empty (N/A).

Unsigned PE

Indicator table empty (N/A).
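
The two static signatures (UPX packing and a missing Authenticode signature) can be checked offline without detonating the sample. The script below is an added example written for this page, not the sandbox's own code: it parses the PE headers with the standard library only, lists UPX section names and the literal "UPX!" trailer the packer leaves behind, and tests whether the Security data directory (index 4, the WIN_CERTIFICATE entry) is populated. It runs on a constructed, non-executable PE32 skeleton produced by build_sample_pe, whose ImageBase 0x400000 and SizeOfImage 0xB000 were chosen to match the memory region the behavioral runs dumped; PeTriage, triage_pe and build_sample_pe are the example's own names.

```python
"""Static triage of a PE file: UPX packing and Authenticode presence (stdlib only)."""
import hashlib
import struct
from dataclasses import dataclass

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # the Authenticode (WIN_CERTIFICATE) directory


@dataclass
class PeTriage:
    sha256: str
    pe32plus: bool
    image_base: int
    size_of_image: int
    sections: list            # (name, virtual_address, virtual_size, raw_size)
    has_authenticode: bool    # Security directory populated: presence, not validity
    upx_trailer: bool         # literal "UPX!" marker left by the packer

    @property
    def upx_sections(self) -> list:
        return [s[0] for s in self.sections if s[0] in UPX_SECTION_NAMES]

    @property
    def likely_upx(self) -> bool:
        return bool(self.upx_sections) or self.upx_trailer


def triage_pe(data: bytes) -> PeTriage:
    """Parse DOS/NT headers and the section table; raise ValueError on a non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                         # PE32
        pe32plus = False
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        num_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                       # PE32+
        pe32plus = True
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        num_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    num_dirs = struct.unpack_from("<I", data, opt + num_dirs_off)[0]
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the Security entry the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + size_of_opt
    for i in range(num_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0")
        vsize, vaddr, raw = struct.unpack_from("<III", data, hdr + 8)
        sections.append((name, vaddr, vsize, raw))
    return PeTriage(
        sha256=hashlib.sha256(data).hexdigest(),
        pe32plus=pe32plus,
        image_base=image_base,
        size_of_image=size_of_image,
        sections=sections,
        has_authenticode=sec_off != 0 and sec_size != 0,
        upx_trailer=b"UPX!" in data,
    )


def build_sample_pe(section_names, signed: bool, upx_trailer: bool) -> bytes:
    """Constructed PE32 skeleton (headers only, not runnable) used to exercise triage_pe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase, as in the report's dumps
    struct.pack_into("<I", opt, 56, 0xB000)                     # SizeOfImage: 0x400000-0x40B000
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if signed:                                                  # fake WIN_CERTIFICATE directory entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b""
    rva = 0x1000
    for name in section_names:
        hdr = bytearray(40)
        hdr[:len(name)] = name
        struct.pack_into("<III", hdr, 8, 0x5000, rva, 0x1000)   # VirtualSize, VirtualAddress, SizeOfRawData
        rva += 0x5000
        table += bytes(hdr)
    blob = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return blob + (b"UPX!" if upx_trailer else b"")


if __name__ == "__main__":
    t = triage_pe(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], signed=False, upx_trailer=True))
    print(f"UPX sections={t.upx_sections} trailer={t.upx_trailer} likely_upx={t.likely_upx}")
    print(f"authenticode present={t.has_authenticode} image={t.image_base:#x}-{t.image_base + t.size_of_image:#x}")
```

On a real sample call triage_pe(open(path, "rb").read()). Two caveats: a populated Security directory only means a signature blob is attached, so a "signed" result still needs signtool verify /pa or Get-AuthenticodeSignature to establish validity; and UPX section names are trivially renamed, so the "UPX!" trailer and section entropy are the more robust packing indicators when the names are absent.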

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:26

Reported

2024-10-05 19:28

Platform

win7-20240704-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe"

Signatures

Renames multiple (2842) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx. Indicator table empty (N/A).

Drops file in Program Files directory

Description: File created (every row). Process: C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe (every row). Target: N/A (every row). Indicator, one per row; each is an existing file's path with .tmp appended:

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp
C:\Program Files\7-Zip\Lang\be.txt.tmp
C:\Program Files\Java\jre7\bin\zip.dll.tmp
C:\Program Files\Mozilla Firefox\precomplete.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp
C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp
C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp
C:\Program Files\7-Zip\Lang\ku.txt.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp
C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp
C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp
C:\Program Files\Google\Chrome\Application\master_preferences.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp
C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp
C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp

System Location Discovery: System Language Discovery

Tag: discovery

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe

"C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe"

Network

N/A

Files

memory/2232-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

MD5 3a35879de6c0c5a72635ae2435e21be9
SHA1 1ad81a7e6d9f71aac8fedffddf01e7787a2d109e
SHA256 fd6103defdc3c65c623831eb4ad23bc02812e250b07ce0b3396eb693930094d1
SHA512 f966315a195ab2ed255da98c581732ea6b1987c8d803dc7e4f877e387cb75cab0c7f51f93a414a28e0845a412ed2aadcf90d870e868563fdfa3bf17e341d676b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8adbf3bf257f8f4bae8ef0673616d185
SHA1 70786c6efd818327d90680637035831647197a19
SHA256 c22499c46de6e906098f6e8d1e6433141628e1ba5e726f8adb8c0603b54bad04
SHA512 608b24b8754d5b076ca8f6c1a820f1267d0b82a2ee245d959d28bcee2f1e114db761f6f228b8c23b73e4379bc4cea17aa0d3d8114daf9457bfe9f0b94ea256a3

memory/2232-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:26

Reported

2024-10-05 19:28

Platform

win10v2004-20240910-en

Max time kernel

120s

Max time network

107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe"

Signatures

Renames multiple (4300) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx. Indicator table empty (N/A).

Drops file in Program Files directory

Description: File created (every row). Process: C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe (every row). Target: N/A (every row). Indicator, one per row; each is an existing file's path with .tmp appended:

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp
C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp
C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp
C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp

System Location Discovery: System Language Discovery

Tag: discovery

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe
Target: N/A
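
The behavioral signatures that both runs (behavioral1 and behavioral2) fire on, mass renames with an added extension, .tmp files dropped under Program Files and the NLS\Language key open, are the kind of thing a detection engineer rebuilds from a file/registry event trace. The script below is an added example written for this page, not the sandbox's own detection logic. It assumes a hypothetical pipe-separated trace format (ts|pid|op|arg1|arg2) and runs on a constructed trace: PID 2232 is borrowed from the behavioral1 memory-dump name, the paths come from the indicator rows above, the appended .locked extension is a placeholder because the report does not state which extension the sample adds, and PID 1004 is a benign control process. RENAME_THRESHOLD, ProcessFindings and the function names are the example's own.

```python
"""Behavioral triage over a file/registry event trace (added example, not sandbox code)."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field

RENAME_THRESHOLD = 5   # illustrative; the report's runs counted 2842 and 4300 renames
LANGUAGE_KEY = r"\registry\machine\system\controlset001\control\nls\language"
PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed trace in a hypothetical "ts|pid|op|arg1|arg2" format. PID 2232 is taken from the
# behavioral1 memory-dump name and the paths from the indicator rows; ".locked" is a placeholder,
# the report does not say which extension the sample appends. PID 1004 is a benign control.
SAMPLE_TRACE = r"""
0.010|2232|RegOpenKey|\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language|
0.120|2232|FileCreate|C:\Program Files\7-Zip\Lang\be.txt.tmp|
0.125|2232|FileRename|C:\Program Files\7-Zip\Lang\be.txt|C:\Program Files\7-Zip\Lang\be.txt.locked
0.130|2232|FileCreate|C:\Program Files\7-Zip\Lang\ku.txt.tmp|
0.135|2232|FileRename|C:\Program Files\7-Zip\Lang\ku.txt|C:\Program Files\7-Zip\Lang\ku.txt.locked
0.140|2232|FileCreate|C:\Program Files\Mozilla Firefox\precomplete.tmp|
0.145|2232|FileRename|C:\Program Files\Mozilla Firefox\precomplete|C:\Program Files\Mozilla Firefox\precomplete.locked
0.150|2232|FileCreate|C:\Program Files\Java\jre7\bin\zip.dll.tmp|
0.155|2232|FileRename|C:\Program Files\Java\jre7\bin\zip.dll|C:\Program Files\Java\jre7\bin\zip.dll.locked
0.160|2232|FileCreate|C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp|
0.165|2232|FileRename|C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini|C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.locked
0.170|2232|FileRename|C:\Users\Admin\Documents\report.docx|C:\Users\Admin\Documents\report.docx.locked
0.500|1004|FileRename|C:\Users\Admin\Desktop\notes.txt|C:\Users\Admin\Desktop\notes-old.txt
0.510|1004|FileCreate|C:\Program Files\Mozilla Firefox\updated.tmp|
0.520|1004|FileRename|C:\Users\Admin\Desktop\draft|C:\Users\Admin\Desktop\draft.txt
"""


@dataclass
class ProcessFindings:
    pid: int
    added_extension_renames: int = 0
    appended_extensions: Counter = field(default_factory=Counter)
    program_files_tmp_drops: int = 0
    language_key_opened: bool = False

    @property
    def tags(self) -> list[str]:
        tags = []
        if self.added_extension_renames >= RENAME_THRESHOLD:
            tags.append("ransomware")
        if self.language_key_opened:
            tags.append("discovery")
        return tags

    @property
    def signatures(self) -> list[str]:
        sigs = []
        if self.added_extension_renames >= RENAME_THRESHOLD:
            sigs.append(f"Renames multiple ({self.added_extension_renames}) files with added filename extension")
        if self.program_files_tmp_drops:
            sigs.append("Drops file in Program Files directory")
        if self.language_key_opened:
            sigs.append("System Location Discovery: System Language Discovery")
        return sigs


def adds_extension(old: str, new: str) -> bool:
    """True when new is old plus exactly one extra '.ext' component (be.txt -> be.txt.locked)."""
    old, new = old.lower(), new.lower()
    if not new.startswith(old + "."):
        return False
    ext = new[len(old) + 1:]
    return bool(ext) and "." not in ext and "\\" not in ext


def parse_event(line: str) -> tuple[float, int, str, str, str]:
    ts, pid, op, arg1, arg2 = line.split("|", 4)
    return float(ts), int(pid), op, arg1, arg2


def analyze_trace(trace: str) -> dict[int, ProcessFindings]:
    """Aggregate per-process findings; returns {pid: ProcessFindings}."""
    findings: dict[int, ProcessFindings] = {}
    for line in trace.strip().splitlines():
        _, pid, op, arg1, arg2 = parse_event(line)
        f = findings.setdefault(pid, ProcessFindings(pid))
        if op == "FileRename" and adds_extension(arg1, arg2):
            f.added_extension_renames += 1
            f.appended_extensions[arg2.rsplit(".", 1)[1].lower()] += 1
        elif (op == "FileCreate" and arg1.lower().endswith(".tmp")
              and arg1.lower().startswith(PROGRAM_FILES_PREFIXES)):
            f.program_files_tmp_drops += 1
        elif op == "RegOpenKey" and arg1.lower() == LANGUAGE_KEY:
            f.language_key_opened = True
    return findings


if __name__ == "__main__":
    for pid, f in sorted(analyze_trace(SAMPLE_TRACE).items()):
        print(pid, f.tags, f.signatures, dict(f.appended_extensions))
```

The threshold is deliberately low for the constructed trace; a production rule should require the renames to span several directories and a short time window, which a user saving files by hand will not satisfy, and should report the most common appended extension since that is usually the family's marker. The benign control shows why the .tmp drop and the single added-extension rename are not scored on their own: an updater writes .tmp files under Program Files and a user renames draft to draft.txt without either being ransomware.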

Processes

C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe

"C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe"

Network

None of the entries below is attributed to the sample process by the report (the table has no process column), and the Windows 7 run recorded no network activity at all. Reverse-DNS (in-addr.arpa) lookups through 8.8.8.8 and TLS connections to g.bing.com and tse1.mm.bing.net are ordinary Windows 10 background traffic, so do not treat them as C2 without a process-level capture tying them to the sample.

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/3812-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.tmp

MD5 bec752f7972a9ca6c0fcb8cca7718f8d
SHA1 cec328df3e0da0245aebbf620f3868a9ceda4a0e
SHA256 3e1c5ba2b60ade06744220e8fc8adcf28fde10c0876de95c47504abcd0cbbdb4
SHA512 47026188c12d07bf32446d9637fa57c407c4278850260b710f41f01e935c43be76488928cf4143662d44454c4cf7de333bf430280db0a4d69e8a3e041ba1f5ec

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cbcf98d8bc9288fb13e03d8b76482730
SHA1 b2bb5c16b363d91c93b48b20cd79ed18d7db5987
SHA256 a6a9dce69ac76e2e957859cffe8b86a4551a90de65e1637cc5c976a6ea4bdefe
SHA512 f6461711bdc4527f10f78a11058e571be3db17e05e454ba076564d8f7bc9f5e659684c977c195a5fee22b778693aaa7d2efaaa5f473b12018d430e075c1a908d

memory/3812-668-0x0000000000400000-0x000000000040B000-memory.dmp