Malware Analysis Report

2025-01-22 19:54

Sample ID 241016-z8v23stdmb
Target c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN
SHA256 c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395ba
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395ba

Threat Level: Likely malicious

The file c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3166) files with added filename extension

Renames multiple (4384) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 21:23

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 21:23

Reported

2024-10-16 21:25

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe"

Signatures

Renames multiple (3166) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\CopyConvertTo.bin.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre7\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre7\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe

"C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe"

Network

N/A

Files

memory/1356-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 bde459645ecf9d350a00f7690f2c3fdf
SHA1 e61575deba0ef2f781741edd0df26b564bde787a
SHA256 745f283345b4929fdf851edd57a39015854d5625d80ce0f1a436595ed6dfe1b0
SHA512 05fb8b8d4d5b15e9a1fae647325ff0a6870afd03eea2fb447f2aa0a14e5eba79af2480dd10ddb78557bac06ae98523d99cd614cb7898571254aec6edc204fa1a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e70bbab13c6824092f42bc1cdd627929
SHA1 83f63b8dc5338a97d70ba3266bdf33026fecd0b0
SHA256 f1ab3a772b54d408fa5b17f2c83dafce42ef0974964ec973fa8a334a3b23e656
SHA512 76de4dbda955d89d335ff8825410afd9c1fd224323581ff89634ab14c56162760e1392a3baca28f2273f0122aeecab7620bc00b8e2a527124f19212373392348

memory/1356-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 21:23

Reported

2024-10-16 21:25

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe"

Signatures

Renames multiple (4384) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe

"C:\Users\Admin\AppData\Local\Temp\c3e76eb6df9367fd91226f61cdee7d4d83ee74eee05580e55e14a451354395baN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/2464-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 e14deef46150fd9793cb1d802a116aa3
SHA1 81cc694071622d4d62835d830a7101e8ab1d47f0
SHA256 dd960e523cd08d77d144905655032de9a02a1713606d2c28c73634516b2dde58
SHA512 3a3f37b0095b7828e29bfb5bce2d8fea4833280ac05fa565c26c4fbf26c8ceb47632b086a7ff29226aeb133ac3279dbadb614d9137700dfb49489e82d85996e4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1e2540b9f34fbc3fb2cc05b090b80ae6
SHA1 20bd756d259923dfcf9c1868ff4cc8b78bee62d8
SHA256 4c7dc89efa041fe59d73dd966490c0524a1a2f8d252286cd0b6dfb8db22e9668
SHA512 c79189c4df2ddbd47e85f16c7ec81f9d0229a78d96c9991d0274652c73b22e0a5f7f3ff5691ecae62a7f5a29a84216bd29698c02e7f4a799792b3cb69e6444fd

memory/2464-662-0x0000000000400000-0x000000000040B000-memory.dmp