Malware Analysis Report

2025-08-11 01:51

Sample ID 241006-c7d1vavdpc
Target 429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N
SHA256 429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file 429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3438) files with added filename extension

Renames multiple (4655) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 02:42

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 02:42

Reported

2024-10-06 02:44

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe"

Signatures

Renames multiple (3438) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Internet Explorer\F12.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Internet Explorer\jsdbgui.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Internet Explorer\msdbg2.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\7-Zip\Lang\si.txt.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe

"C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe"

Network

N/A

Files

memory/1152-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 eb53aede7a0a506c063b92e296a036bc
SHA1 4d01e3debd318af9cfced6618f9d8083b227d304
SHA256 1646be6745997666074ee7ed87c96d7ed9e9ed38f1890b511e81797fe5b0c3c8
SHA512 9fd7f9d975d58bf386a29d5688746f3304c0ce8c67f03fdaadcdae7ee84aa9c6c7da66efc0b1a24724c5ed60ff0dab73d65b77548159ac9f697a5a809b5a6a93

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5dd18c0a0d7a25d0bd4ad4a9a86f9c4d
SHA1 9d71d1a84b58c2cb381215309c2fb351d9def425
SHA256 48425f9472e8caa47bcf55056067686e9775f98f5eb10b9659f6cb66cfc7c7e9
SHA512 c880e8859b5a6180ddfa2cbcb2ff0da1b813ad729dcecd6b846d6c49a06df1500a3fc22535ee3f96936789fe07d3f2ab96969e93e8687951725d4c2d69655c72

memory/1152-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 02:42

Reported

2024-10-06 02:44

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe"

Signatures

Renames multiple (4655) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe

"C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/220-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

MD5 c7a509d9532dc987279ea62c3a0db203
SHA1 3ffb9442ad8a05616ebb29bd0a02e813d5c95e36
SHA256 b0a1a1dd1b57b57e3df144b62f14d5b9369569d6402f1b3f8ff2e8d7f616dfef
SHA512 e7c533eb6d5b44d2575cc66210a0b83f9605ec4d93c7f4c5d72aa4f2b10bc20cd7905e692cc2d9f9a5f269b76d4967659819d438abf28c87ca2e2e5754b4d7fe

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3ccdccb35b87dbb299e2c4327dc53536
SHA1 733235d5ffebbccf1e3778b8f92852993fa59d1a
SHA256 9e9acc0248cbef08b832eb88801c16d520ab70208ece24d4270ecbd5eaa99ca1
SHA512 2451154c38d6822ad255020f9f23de080b65708d12488ff592422c77337634dec38501bf4a8c399cc08cad60f562b216f55272115610e721cbfb022637b00793

memory/220-957-0x0000000000400000-0x000000000040A000-memory.dmp