Malware Analysis Report

2025-01-03 08:33

Sample ID 240610-3nv35avgkf
Target 792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc
SHA256 792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc
Tags
ransomware
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file 792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5273) files with added filename extension

Renames multiple (3882) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:40

Reported

2024-06-10 23:42

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe"

Signatures

Renames multiple (3882) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\VBAJET32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\7-Zip\Lang\tr.txt.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe

"C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 2bddfcaad77b1ebf293256e9e543adfc
SHA1 5fd6ae25ba9fe8003d792b3908277ec286c78764
SHA256 6f6f6172abcc5e1656dece19375bbd2f838e0ba63bcf0173929d286d227d18c1
SHA512 5fa7434a9965e41a8f621c7de79e22a14628b971dba3e86208f0ffb6c49e5236ca1e68cda77503589dd629ca10f4d3e9a6190e411b2af12335a462ad5e2b7585

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a4b25259d465388b82c3dc9b793a3f97
SHA1 5056b45971e0576bc1100a46a81f40b27857e642
SHA256 77cc32fc2e7f8bf91eb744377c396b6aed474a0b7dd6752d31290180f741b13d
SHA512 d60d12b5287874e1a342732772bc5207c8e4e405c96704063d5a3f4a971a57fe971a621022e23dacabbf57cda56ff3da68297ea836f15dfdea2d8a629f244da2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:40

Reported

2024-06-10 23:42

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe"

Signatures

Renames multiple (5273) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Internet Explorer\ExtExport.exe.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe

"C:\Users\Admin\AppData\Local\Temp\792362f9e46ffefc634d9d64a07559e59cfe9405987cc07153b694e5c0b74dfc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 0a25d637c2cad336133f01b31a9988e9
SHA1 e0630638813adcaabfce205d24b42f3c77d927c0
SHA256 fd631f59ae18a4a37013b79b71b9fce579757557cfbc99d1fa9cbda81f2051b3
SHA512 b3df007f8e23e60230a37a090e1fec8f77d5cdead7eff7332da5bcab58ae43d7f1736a6d6455bf3a42d06f6ac6f3ad0a16fb7d26d169b0e5b267eb79558037fd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 90d5602fee7a12f4d34f317db7dc56e1
SHA1 fab417cfdcd0e8ae26229f7d46cf3fc9b8c16356
SHA256 12f025e23e82b1359247452002016e35aa6a4925441f8f65ac8aa879e04be31e
SHA512 f28c60cf933932fe915fec166536ac0a0c738d2eb53c650f0b9b29139b310f8f70abfb482a25f5529d920595ec76d3b3d322adcbf16a0c6727e26c68265d45f8