Malware Analysis Report

2025-03-15 08:22

Sample ID 241020-1sj6bascpe
Target 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8
SHA256 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8

Threat Level: Likely malicious

The file 5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3459) files with added filename extension

Renames multiple (4919) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 21:54

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 21:54

Reported

2024-10-20 21:57

Platform

win7-20241010-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"

Signatures

Renames multiple (3459) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Defender\MsMpLics.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\7-Zip\Lang\es.txt.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\7-Zip\Lang\ug.txt.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe

"C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"

Network

N/A

Files

memory/2524-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 7d6976908a9be3135f22246a4185b73d
SHA1 b250df9cb651fbe2905d5c61aa21b5de26773a86
SHA256 f5c69dd0dd8bc12c29b71a5d3797d09ec7d5ee107972c49151ed4f90277ad5e8
SHA512 85f39e1523cdc8bc10268949d26691657a98694219afbd917b600d4e5886b3b7749715c8f642795297cd3562e8a55be1722ada1a1c10e49cefb4d911ac6c472e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 392d7cb606458a59fedb21284f6a139d
SHA1 7f9cbc6202e6eb1a5ed6828c9c6849ef32bcca85
SHA256 def11a50ca8d397cc48042e7a9eaf7eff5526915e9b250e5f556a91c8e712faa
SHA512 f708cd815cec12d781b87eddfe0231a748cef3d0800fe6d9015192f1e439505b93005c9fd2e077ced600bdb0725c54b43ce92567d6d7baa0d2a158e2df6e5c71

memory/2524-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 21:54

Reported

2024-10-20 21:57

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"

Signatures

Renames multiple (4919) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Crashpad\metadata.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe

"C:\Users\Admin\AppData\Local\Temp\5043883b9356884ee9322f0084b9576053fddab8e03e083ab787251113fb6aa8.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/1092-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 03563989339ac488cd8f2cb5c15fe140
SHA1 18359b747c335a74f9763a1d2467e1a68f69fade
SHA256 af68ea28d67c7eb2ef1a9412ec5e8f7ad439a3929fcdbaecef7c20a48afe5b79
SHA512 d93739eca71e0fde119c78abaecc50ffca992b5dfcb07fafa752a7bd8c76f178cac234263190f9766e3ea67bda2b18b92145fddc4a0b4077a6677c9bd3566bd2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3f2f16ccf7781bd430d2cd9d4455557e
SHA1 ccab6afb0f160496fa0fe5c973f69fc73ea3e52c
SHA256 a174fad7b51da0ea0bd7c995f442d875ccd4661f48d6faac4c776a1e0effd77a
SHA512 503a859c6dd5c36fefaae7c6d788e76b6dc04cdad5a47909d443fbc882258b7f57885ba825bcea841c12d3e147c6e728af77f18529bca5db56f4d8329b36571c

memory/1092-664-0x0000000000400000-0x000000000040B000-memory.dmp