Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-dg6tls1bqr
Target d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6
SHA256 d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6
Tags ransomware
Score 9/10


Analysis Overview

Score 9/10
SHA256 d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6

Threat Level: Likely malicious

The file d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1116) files with added filename extension

Renames multiple (4923) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-16 02:59

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 02:59
Reported 2024-06-16 03:02
Platform win7-20240611-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6.exe"

Signatures

Renames multiple (1116) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6.exe

"C:\Users\Admin\AppData\Local\Temp\d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 9bbb417d8636e4bca73b011dce5684a2
SHA1 edccf111f337cd3aa455b118a08b4db9719e46d6
SHA256 d6fb1a7ff90f41f444c8ae8c2dabf7ea7c6008ea83d9254ce0063602f7c68303
SHA512 db2b06e6b307aa540cc4f3ae81a2c352c250b4fc85c499fd2ed7bb5aa7f5ec6f4d27eeed5ea0ffb0b9076d907af5d654e0844dea7d5f3d6d21a4bc45fa89e294

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 92d001cc9cc8c4e5dd4fd7c4d4a5b48e
SHA1 e52d750b3039d18158060d284a8ca7ce9c1512a7
SHA256 1049b4d508aeb804f9fd6b4b805ce27a5bdd3c91072c806ee6139a12fbc34402
SHA512 2988ec470c02184acecdf4fd6597d06ff9b5dca33671c5a5b2bdfa4139656efedec77206cf2b84e9aae8cdb667a6a4fc61f00b1735a0b4cecf3010565a1e883c

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-16 02:59
Reported 2024-06-16 03:02
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6.exe"

Signatures

Renames multiple (4923) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6.exe

"C:\Users\Admin\AppData\Local\Temp\d3a5f79ecd75d379498c1ab2b61f882780e1aeb128b35e92c259278d17bde6d6.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 83bf912bc4fe05bf1a38073a2028f157
SHA1 e8b9521e2f6c64062b4ef2d61e5911a0ce716bfc
SHA256 0ad1055fa694e688da90987a1eab2d3f2d945db8cbc3859f4c95346d51a739f2
SHA512 85fefd11499ce3b7b6dce14cbb108bfcaa67a279cacaa1da78918128c2207412982559853f5936419a4f965b18b2be6af0ace1abdfbf4d102cfa1f76f199dbea

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d42e35d3e72c0232758b3d500a37ba60
SHA1 337712375a0a299cf9542d32ad31aab11da05f4c
SHA256 9b8c4ee3adedc55edc59dae8b6af2355d483eef6c8556bca300ddb0ca070bf84
SHA512 86368362190df4cd00a178e70cf941e2a1b30d44b9d0b3f28df439681cd9fb3c4ecbd74bf9f4783136763816d037d61ca508d118b819ab18d8bb54b5ab4607d2