Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xe665szcnk
Target c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N
SHA256 c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2
Tags
discovery ransomware upx
score
9/10


Analysis Overview

score
9/10

SHA256

c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2

Threat Level: Likely malicious

The file c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3737) files with added filename extension

Renames multiple (5118) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:47

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:47

Reported

2024-10-16 18:49

Platform

win7-20240903-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Signatures

Renames multiple (3737) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Network

N/A

Files

memory/2196-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 7634a151a732fa000de10a20927637aa
SHA1 d83ff868f3ec4139b1195f1f7f4548ae8478ad93
SHA256 78c9404badf048f86df3b5642e880b18e769ea54b7cb8531acd24c036b9decc2
SHA512 a180c78f4bd46116f762b0d0af65d2f461533c9b490c71282340fbe927697d3844b8f241ae75516bf58eb3067ce0dcff3b3b424700d5be4457d190239fe8cb0c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9fdb02d167799fad2b2bebcdbea693d5
SHA1 2040519427eb2d388f7da52fc86106b4ff9c8a62
SHA256 3303a4d4641041078ac282d685c0ad4c791ea26bda900b96212ef33cc0d25323
SHA512 b4438c0721f867eb7966c13670cc7d9613a8de84e0625b61156dce69473dc3f285fc3d07c28f301ff24d790f057c5952500b64be9ed09660aafe148c14830745

memory/2196-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:47

Reported

2024-10-16 18:49

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Signatures

Renames multiple (5118) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe

"C:\Users\Admin\AppData\Local\Temp\c295a735985ba2485812a0ddc4b4dd6b5a7cc6decb896bb62e32e310bfca7fa2N.exe"

Network

Files

memory/2484-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 7c7101f7476fe1602775d87400faf835
SHA1 455e8096c83afbc4e7f09db5b4aa7a73e15c7cc0
SHA256 c1462a26473e1ce5609c7387584dbf392251becc8b6cbfb5f1af5296e8e29f8f
SHA512 77f2d02fd52a0881ee5de5c87c8493ef787c54240c3c1a68792c970ec0454922dd6ec8faa00415a6ca680c61d5ee95b6bd557db76d4e8ab8481513d306e8670f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 67b7e03b7221002de2cc034109853857
SHA1 82fe770a21135c3ab0f884cf98b0b348767a0b86
SHA256 1f7cd675eb72f303ac4ca72e7c37f7b72a3fe54655e8f38efee79a95bc49e318
SHA512 2c725ef35eb368764161d1d17eddf3d3b91635234173174907b91ee15ce5aecddbc4ebb57b3d4e99cd776d4dbcaf70049d1027a3afa269843836f80fab39162b

memory/2484-717-0x0000000000400000-0x000000000040A000-memory.dmp