Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xdsblawamf
Target c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N
SHA256 c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2

Threat Level: Likely malicious

The file c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4643) files with added filename extension

Renames multiple (3276) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:44

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:44

Reported

2024-10-16 18:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Signatures

Renames multiple (3276) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\Documentation.url.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Mozilla Firefox\softokn3.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Network

N/A

Files

memory/2016-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 bf5e31f0fd4fabf0b7edc0a03d88d2db
SHA1 0c8e3329d8c85c1cb795d7c1b6a8efcad705a532
SHA256 72d5f3840343f29424d22ba06f5460c5f3c6b207f20886e390404606da2c62f8
SHA512 73b299db6fbbbe1bc85b8509f8b430d9d1961dee92c3d8e0c8686c3ea076fd67022d11b89b076bba329e1e1aa8d1c452bc25afb12e69465314dbb72d21898941

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 872fe457114c88dc10e15eec4540d2d4
SHA1 3eb2ce2875ac4f291d216de9616433c12540bbf9
SHA256 cfb92deb70489ee32fac4e2d1ee3ac77b88bcd8e4a00d315ec28aa427bedb4ac
SHA512 7c05c2ea01ccc6a1f398f5cfc56bf91653ae67cb5fac441c43fa8ed23c9668e70b353dc6c3d02b0e85bee060104daab4c97abc051a2608c58b0af99e390f2cc3

memory/2016-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:44

Reported

2024-10-16 18:46

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Signatures

Renames multiple (4643) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\SPPRedist.msi.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/848-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 0c8f93f5454a505a3928de6ae06e5069
SHA1 afa3f95109aec34a291345c3c52d5ca9892b2efb
SHA256 421688348dd1a7c8544e7ad599dfa090764c7f95caa6dfc8b954f484ce01854e
SHA512 462c071c1734e7c62b140e1050318b1665121f3880319241cb7b66c9a3b2731bf7610947b66201fa2969fc632824ac875be2e00a0257ddca11d5fa9e7bb869a3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 057dd738b34ed6102bff2d626f1b36c7
SHA1 25054ea8c5c93d0a5fc5bebfcc23e6ef48d9251c
SHA256 747dbded53568ad22393bea724a98d2b34488cc8a2269488647e5dbc7f4bd383
SHA512 b91c30e85a018b53500f4b7ddafa757aaf5e5ba599fce9b184cf2e7b7d775c6d60e83f8c287c05b39c10c91ff31df4c98af50f81a3448a3082f25c05cfbbd184

memory/848-743-0x0000000000400000-0x000000000040A000-memory.dmp