Malware Analysis Report

2025-03-15 08:23

Sample ID 241021-ac8wmayaka
Target 835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4
SHA256 835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

9/10

SHA256

835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4

Threat Level: Likely malicious

The file 835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3449) files with added filename extension

Renames multiple (4621) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 00:05

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 00:05

Reported

2024-10-21 00:07

Platform

win7-20240903-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe"

Signatures

Renames multiple (3449) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\7-Zip\7-zip32.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Mozilla Firefox\softokn3.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Windows Defender\MpCommu.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre7\lib\flavormap.properties.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe

"C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe"

Network

N/A

Files

memory/2100-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 8109e94a6fa3615714644bdf83ba8410
SHA1 f48e003688d81e9fd4649e658abbccc2d155febe
SHA256 6fe288bedbb5504dc5552d27c7c938c820778a445b9b601164705e154614a7cd
SHA512 291ca03cd759c1aa6df315ba233346145d32abb4aca7bd87435ba7bd8766288edc2f7d086e80d84ae822e5025aa379064757c2442071f881c695039534330ca4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c09e5b35e8ddb89be0878f5589c79514
SHA1 27436d2e0de5514566ce705e9c5f86af2315ea80
SHA256 7f7cc1c69db0e53f53a65f85a43aa560a0b9e888b94b8884ffbe4fd3ec736f0b
SHA512 b83ec0fdda8613ef7a4fd0c75841cfaf3acc2dbf09ed546e1d56b5639940dfc5b04bf26fedfca3c7232c9352c2b513f0611068dbfe245dc7889d86b7a839a489

memory/2100-62-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 00:05

Reported

2024-10-21 00:07

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe"

Signatures

Renames multiple (4621) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe

"C:\Users\Admin\AppData\Local\Temp\835a558aa56d87ef242c67e8e52ae44f56f4b50193af08d839437feb44137df4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/4088-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 08685577bdba9404de42c019616bbb77
SHA1 e7272afc20dcc4df965372d2e1e6309dc837bdeb
SHA256 27f8d357a7a2fa09e3e5920bdb9d58c58035621539c714b67f1da2a9c0efacdf
SHA512 122dd19a6ca1167ec04c984d33225a3e61c894902832ae4b105a59eed5d0add521022b4e79abbe3d433eef4e1241614d4a36dc2f783f0f13ec93a7bf407d8481

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 caae663ca76a35b76c0d8fcc5db2e529
SHA1 bbce79a2f871ffdef3c3705c86ba8f8b5bc36e5d
SHA256 75e826760158105a4fbe5dc7a0734737bbd89709e3509ea4420baeab916555d0
SHA512 8b98b8d22020553fcf9670e00bac8e9db0a03bd9a81f8b2e42225f0031102381c2fbd6d44b636810ca605f10975bc403e08d97677a0427dfc4476ecc6de34b95

memory/4088-648-0x0000000000400000-0x000000000040B000-memory.dmp