Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-e36leawhpq
Target c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239
SHA256 c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239
Tags
upx discovery ransomware
score
9/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239

Threat Level: Likely malicious

The file c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5047) files with added filename extension

Renames multiple (3683) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 04:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 04:28

Reported

2024-10-16 04:31

Platform

win7-20240708-en

Max time kernel

149s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe"

Signatures

Renames multiple (3683) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jre7\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Journal\jnwppr.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\AssertProtect.rle.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jre7\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe

"C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe"

Network

N/A

Files

memory/2092-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 58c93894777cc8d2f3ea5772ebbffc77
SHA1 31beaef61cc3766c9c31fcbe0ef97d2cf42258a0
SHA256 513d8e799ae5e2048a62f3f8993e6b178174425b7cd57f5d20b75b64d33a223a
SHA512 a1db5864e5ed83c5381abd21b8951f9c6cd47bebcdf87361913e7d2bffc64fb7ab91ed6a815f8b6a575bff5ec380beefefeb15290c4fa72cb181110a5e6247d7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2c7edd558166d3d7e8f58f66be7d648f
SHA1 7089ea24204f4a820ccfc4fd314b6f3f8ddafd9c
SHA256 44d72a951f9bd793a7085e9e0702ed2a9ab9ce3f9961f93168d696004936fac5
SHA512 853a45d8d879ee567022e4bf90de60484228b4f7c8d55fdc5fae973e1acc2860b4b56bc6a10a01707779c288d281a1a23163154049ef864d4a4fecd31fc72d8d

memory/2092-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 04:28

Reported

2024-10-16 04:31

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe"

Signatures

Renames multiple (5047) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Internet Explorer\images\bing.ico.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrfralm.dat.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe

"C:\Users\Admin\AppData\Local\Temp\c2305250fa2af1f456efe3c2ba9a3da084f65fe8b7eab6b91b708b4cb6fe5239.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/4088-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 cf4e07c0bfbee90ca2e99aaa4710506c
SHA1 1173166ff70fffd717cb8755a0a4ce2d1899915f
SHA256 0a3ae96298237d37e3269d329b7d6800fb3698540bf81bf85a72ab5c41e74749
SHA512 9f3cb39de2e7ba98cb1a4c2264c26efcb6a5373a732c5293410cff6e4d17c8a26fd37f5fd0a0cfebd85624bbce54221ef596ce8d36d1f2b0a93cc39460d676f8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6e0d27a2282c0e914fc0c50c11545dda
SHA1 027e4745fa9b435a474762df158d385a778f60d4
SHA256 25db1cb02b00d93f03b1ecc4733f1eaf2707848243ded89592dd6f8fcd488e10
SHA512 86be40bbb9d3d033837d8cccff1bff7262f23d10634afe38b91cbe218fa4d8fea648c7da6e296e66188393f80f672cf5ce2e01827478578486963c1a3bb1a727

memory/4088-776-0x0000000000400000-0x000000000040B000-memory.dmp