Malware Analysis Report

2024-12-07 10:21

Sample ID 241113-d3mmvswcql
Target dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683
SHA256 dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683

Threat Level: Likely malicious

The file dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5067) files with added filename extension

Renames multiple (3799) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 03:32

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 03:32

Reported

2024-11-13 03:34

Platform

win7-20240903-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Signatures

Renames multiple (3799) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\7-Zip\7-zip32.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\WET.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\JoinRemove.zip.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\DVD Maker\Eurosti.TTF.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6849649ecc342ae5fe43fd8a3a09b93f
SHA1 16bbbb8df6245c968ff225f64f7784e89b1b36b7
SHA256 0fa6b9bf420b986e32fd95a11ef7da8b7e6ffa2db3c92b836a5a42f0feb45e8e
SHA512 aee5fa109799203b44b0add0b9711063a7ffccf6a8322bcf962951279bb5b80c963f44be5a9a5eb3d7b0f27bacbf56cbb132ec0fd7ad1f060445b79746def416

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 451123e254827ab5d776220f92f8e52b
SHA1 686c3e4c3b555fad3265404df3f349aa0b00f606
SHA256 40e82219467d8cdf2e5f8ea09f8678a19589b9e9ca55ecc795fc696dcc86ae93
SHA512 facc1e9de03d9abaa733bd89e4ccc0636252e1f6d366d22e0f173d50387857e5cb3250fbbc2610038d218102f848de84f99a56e46f27f14ff26ed660f84f61ae

memory/1780-0-0x0000000000400000-0x000000000040B000-memory.dmp

memory/1780-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 03:32

Reported

2024-11-13 03:34

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Signatures

Renames multiple (5067) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\wordEtw.man.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 98.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/1400-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 2d5b2a6260983801a750ea846a0fd67f
SHA1 a4358b62c8874f15231b0ee7ef9b9ddc73a77989
SHA256 9fc02a4a9ad050c5634d3bfa56a19a1ea4537672e5f3d4fcd4d0c308809ac288
SHA512 ea1346148107e075302c17dbbb31070a96276ff30b7523bba2c38f9bc1349330b1ded6c2570b6d134edbf6398a9eb3295c555c79656168a75ea4dd03ba039cd0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6b3f9ee495697b312a8b1609de4a883c
SHA1 63dcf9e510b4311bbc2125c861d894d57a1628eb
SHA256 5b0422f192020551be85de0eca1a1f6a9d7bd3e53c6fd93bf154154a95ef5819
SHA512 49ed9249ad1f7d6f269199d40a20b83180ee664c35b5e0834dbf7031789564f6ffc4cec7452033e2954ad919ee7107d7da546396c2a8344601b03218db76cc74

memory/1400-752-0x0000000000400000-0x000000000040B000-memory.dmp