Malware Analysis Report

2024-12-07 10:06

Sample ID 241112-19w67ssfkm
Target 632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe
SHA256 632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256 632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b

Threat Level: Likely malicious

The file 632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (344) files with added filename extension

Renames multiple (4648) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-12 22:21

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-12 22:21
Reported 2024-11-12 22:23
Platform win7-20241010-en
Max time kernel 120s
Max time network 19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe"

Signatures

Renames multiple (344) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe

"C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe"

Network

N/A

Files

memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 9c101be7c444a23f888ec9305f26fcf6
SHA1 1a0c5221711795b2b17a454de8d9962708ed902a
SHA256 3287c03b9b5afdef09eb445c0b1103e81858097a010abbf042e8b1ce1dd524da
SHA512 1879dddcc81b393e13c2a5168d41b2070f0320aa0266cdc274812c6806eca7550bb9565ff9600ebfdc43da5bf73149cdcb054b5d9f58ffcaa587a7b86c525d9d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b9645c8c2529b5c4199f86a9ae98ca88
SHA1 4d4427547b49bde06022f3f2ccb16b7533d515af
SHA256 f9410c0088828ed7cc4c7af6f18a5f86e797ad1f5f88bdd7be797fd680239966
SHA512 398064caaf9a1d1068ccbb3f83e434b871e18660a1f3778ab6427f58836afa20ce671ad43dbf647f711bfffaab3db02696dde1f8777d7841bdc0e5d3054f487a

memory/3012-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-12 22:21
Reported 2024-11-12 22:23
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe"

Signatures

Renames multiple (4648) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe

"C:\Users\Admin\AppData\Local\Temp\632f78c452dce678bf07683ee79d143ff23967f15fd6e73c82617bb7a8bbfa4b.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

memory/1892-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 adf5dd30949a911701dffe18faf69dd1
SHA1 f3a06e89338b5db3224c9097dc27ab5f99b924a3
SHA256 03822dd0b25e40f42693b05863f2a7af68007f276fa79952efbb7286648f8bdd
SHA512 ca139f58f69d1b75c668ce083e48e037f45114bdc3ce9974a9a61e66da45c831012e1c8ea0dd642abda679837e3844d2072480c81cf7b27f6b4d809141d038a3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 99fdee20648879352d7335c243b3cbca
SHA1 50cf84962adc7ae9abe1826c32cebe6368a47ea2
SHA256 4fce9bfbee67247bce66f0b93076a2e1e4d80f98cb758b93a1bbac89ba54ef59
SHA512 ede92f9f1d83c722a79b8060487c912d2ab7c6c9dc82a497a3359469e6e2371f6d75fc80a5da7d7118f736f1d70e5e6fc3b3ec24e435635c2b1bf432dd5c88c8

memory/1892-784-0x0000000000400000-0x000000000040B000-memory.dmp