Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-f5p7waygjk
Target cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba
SHA256 cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba
Tags
discovery ransomware upx
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4867) files with added filename extension

Renames multiple (591) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:27

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:27

Reported

2024-10-16 05:30

Platform

win7-20241010-en

Max time kernel

150s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe"

Signatures

Renames multiple (591) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe

"C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe"

Network

N/A

Files

memory/2116-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 2ef1e3b9aaf3f0fc60eb8461bed23d8c
SHA1 1ffe228681e7e0690d942fc228b291dcd07aa074
SHA256 501cb2a0ad8d242f272d2af5eacc49d00cac0200145b095d72de8051ec022364
SHA512 0f1f2fbd92cc713c9c2f20cb2c2f1f5ca35cf3d96531d8b422a423387778a208849f032e51fab2bc82d1d539b353790edc70b455929ed97bc0109b6ed0e681f9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8d48e42d889e27038affc17c8d798d40
SHA1 61aed7feb23a4784a469a20b270ad69cb8d24336
SHA256 0d22d2f5ab57f3e196841f848b7a37db525ea0d6b6838623012867072d82c0ed
SHA512 9ddcf91f5b0616f2cfa7c505d127227315ad397d89b0e3aeecbd9d60866604d19e5b5e828c6852c45c83c7627b424fb5bd290d6619b3bd4686f132ddb6c12fea

memory/2116-24-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:27

Reported

2024-10-16 05:30

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe"

Signatures

Renames multiple (4867) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe

"C:\Users\Admin\AppData\Local\Temp\cd32aa17182ece13b7a91fcde31ac3b584ef48f2a946b4aaf136b49f223044ba.exe"

Network

Files

memory/2240-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 1ccfe7593d784e305f9d30cf9d56caa9
SHA1 dfd66ab7d5c4a57f4ac630d33471a9e242278381
SHA256 cee0bc144fbc76cb3f84845c799bd8114c09d7a39a911917cdaedaf188505836
SHA512 776d0ddf7d6236f7d7f72f156e188b2f8c05722a1610faca6bfd8fcc6211270d868768c5f0093fbb8a4137f6f2446405863f81af8b32d9f9bdfd66e0e8ed1145

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bccf91a992a773655807b189249a3ec3
SHA1 4262f6d9b95e348a03b2d0b076b73df076deb334
SHA256 f7b6d022fde422e2786916d5c68a7da3649b77954824fec8b8b932f0e6fcc870
SHA512 93fa03d0bc7ef624cf074211830ae2258aaf30e24e20c7d39ca263473f2c546d5afc9f033d0d09aa5003f6b285dfc6bb0cbdd4b16635d37542352e93c26a8d1b

memory/2240-664-0x0000000000400000-0x000000000040A000-memory.dmp