Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-kqbs6a1ajf
Target 3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN
SHA256 3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130a
Tags discovery ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256

3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130a

Threat Level: Likely malicious

The file 3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (1371) files with added filename extension

Renames multiple (5341) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 08:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 08:47

Reported

2024-10-06 08:50

Platform

win7-20240903-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe"

Signatures

Renames multiple (1371) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadds.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe

"C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 746d3516f2b8a2a40be08e995dd994a9
SHA1 fdf558ed7c3132482d2618c56fe1972a4b9d2371
SHA256 02ab504e11e7678096130bc2cd0e8dfe7ae763d3869eefea2cea9c8b906c4904
SHA512 8c3df55a499028dd1dcbb1df175aaed387515400a4b2dab32221097559293a80991cc269d30ef8caf82c9ad30df689c3c4d3687af8848ddd11151ea85c6d658a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0954ad795f1db9371e39ee9e048f6f1a
SHA1 309c53163aeca7d92fc4972603d6b7eded1e7b50
SHA256 0f6d640db811d9bdfef3664b52e10661a72407553ab566cb23a1977d640ccdc6
SHA512 bc839ae32ce69227c9bd159729c6bc2f0b3a0e558fc85c4b0c77b3b44c42414d4659ea294cc368d920e2fc579cef17bd1f2a3102eab50928336d473ff894915b

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 08:47

Reported

2024-10-06 08:50

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe"

Signatures

Renames multiple (5341) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\OriginReport.Dotx.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe

"C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

MD5 e124d1d14923d10b7e34186249e7a7a0
SHA1 3b3588fdabbcc5fd426db533f163e656717aa318
SHA256 0c28b1847baabe08386b7d8813339e8b1741925a1b684dcf7cd9669129b0dfc8
SHA512 f1f22b0cd2e41565e6312c3adfd2e8479353f04bd3e4b8d014f564c54047679f874d744312f6cef5fa4b4b8f62ff76d68bd80701f8d7ae85c4bb6550980aa700

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c68dc856ac0e5aa4e239581b105b8b56
SHA1 fc21ea2485d090c1afe416279e12070b74b36e3a
SHA256 a58521e4782b65f3bc5afcc3500fd9dc6a31f0341af8f3d5df74a05d69fbeadb
SHA512 9929ab8be3263ca85378a5837dea8a867212224f5747fce92a88c089bc3895591a3a15a9c05b0268986f6b35ae450a8313bc7406cf3e2bd0ec15b20d83da7c11