Malware Analysis Report

2024-11-16 10:55

Sample ID: 240616-ddg13s1amr
Target: d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30
SHA256: d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30

Threat Level: Likely malicious

The file d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5198) files with added filename extension

Renames multiple (3430) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-16 02:53

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 02:53
Reported: 2024-06-16 02:55
Platform: win7-20231129-en
Max time kernel: 149s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe"

Signatures

Renames multiple (3430) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\bin\nio.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Windows Defender\MpSvc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\master_preferences.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Windows Defender\MpClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\DVD Maker\directshowtap.ax.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\Parity.fx.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe

"C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 121f13bbc765cca2503f9e9a2973b251
SHA1 bc3157a0b24ea0e04be5e150b683d2dde38b1676
SHA256 4ce15e59927e16007bbb39d84ddcba441f14c1632c1ea1c26be826a049895efd
SHA512 79db644433ba59117b2b91f3d918a2e00b15a1270541d0bc6620f01987e9028f14bf0c5cc284cbc5bf7dd04552abce6d184739e4d78555e79af6127563aa9530

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f4fe5e9e6d8d65660c3fd3c85e5988df
SHA1 64a565230571c2a3d65791ed4196c087f410fdd5
SHA256 c39b51aae2d7ad8c94c3cbe16ca44c8724393e62a6085f0f0f9a60ad52c4b7f3
SHA512 44699920a1044cf4a1745afe6fa253f041a183dd693dc060a2faceae6ba779cb1f36dc704c91467b5418d77039f2f11ada0ad11128226bccd0ba0349ca85e7c7

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 02:53
Reported: 2024-06-16 02:55
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Templates\1033\QuizShow.potx.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\7-Zip\Lang\uz.txt.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe

"C:\Users\Admin\AppData\Local\Temp\d11d2c734b713c090012c9fe3648af2927e692c21fb67bce87d634e4c7e56b30.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 7de6e5ffe81e509485d3ae18dfa677de
SHA1 a6499e66d6e9a6fe254c6d5ce8e8282314583328
SHA256 7a6dba368ef8f2d6e9e153588d9c376f12d7e05e9b2f84569c7ed9d1257a5fb1
SHA512 c87c4824bb99c4c3ac17c62ff25aa66a49e5ad2c8972de7c13876df5898cbbf3df19c4cb81485c5b162685f74975bad881597e5ed456501c5976236849bd531f

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 6d094602180f7fe191e96bc27ea9a56b
SHA1 90d9c9e514758cf15cf5f56bc039fd5a5ca50df1
SHA256 4df8eda76821347c977d4bef4d16984bac99da9cac8f3937b17be47dffbac4d0
SHA512 d5ea3a12352d972061817cdc90680a25a0c8cc11ff2779cd18f087acdb97f87cd463aa6775326141275bd5ea31466a981261085b2bd420ec049a1bfabe3a1f03