Malware Analysis Report

2025-01-22 20:13

Sample ID: 241016-xyax2s1dkm
Target: 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de
SHA256: 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 9/10
SHA256: 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de
Threat Level: Likely malicious

The file 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5024) files with added filename extension

Renames multiple (3794) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 19:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 19:15
Reported: 2024-10-16 19:17
Platform: win7-20240903-en
Max time kernel: 149s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Signatures

Renames multiple (3794) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Network

N/A

Files

memory/2780-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 41909cc552b5168b47af54031745e235
SHA1 e852e6f2532006563ca9c1d857374310a8deb591
SHA256 56aa12ae3824aef483284eb9bbad8353cfae991166fc7fb7fe144cffe3228a69
SHA512 c6b644bc85c58d14461ef5e34b085784d9e2662001f94f3c6acb3478c262ab0f0bdec3f5fbb50915c93640daa4c81efeb987cc8413a33f502292ca2db56a7109

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 854a2a6bd8492574036d9bfef907ed09
SHA1 0e98946ff64cb20ceda03e1023b03866d1957104
SHA256 2e7a0c5cc52d9dfbadedf94a345fc9cb3f65a27d6eaf699b7fa103848af0cae1
SHA512 66b9abbfdd642a7922d32bfd606632d8301f1a2dc76d1bee32f64e27c003869ee61191064a518bc48831db85d255752194bbd7adc6e6a2be1ba5732e4aeeb400

memory/2780-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 19:15
Reported: 2024-10-16 19:17
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Signatures

Renames multiple (5024) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Network

Country Destination Domain Proto

Files

memory/1204-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 a6f407a92dfb3455d48041421a855479
SHA1 ac5e4e9ab060e4bc03924f2c8b49de37bbdf6621
SHA256 7e7e4edeb8e6535dc9490431411dab6da044ad6d0bb577290a473d89862a27a5
SHA512 e1a92e9b1cc1d68a9aa4c1311fb8df3c5d4fee026b136560e0b2c1f57d84e75dd0eda0a9f78796df26fc849bc1a11fd70053a70713a0190acb8ac68ef2f961a4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b8112887b083ee7af18c1dbebdcf5773
SHA1 2c17025ead6940249d483742629f6505abe4658e
SHA256 94cd04e63f905bb7b3afde4fdb56622473cac999e1a419597730dc00c5fbca4f
SHA512 236e8eaad869f49e0584c0a4d912b76766d1e002596cf5bb50af9a5f9396bd37fbd76bc44be33b0cc267c900400a063ceb606b96d8e0c8d8823d9cf4b6b27fe1

memory/1204-670-0x0000000000400000-0x000000000040B000-memory.dmp