Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-jme6qsthrp
Target 4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN
SHA256 4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486bae
Tags
discovery ransomware upx
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file 4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4311) files with added filename extension

Renames multiple (3066) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:46

Reported

2024-10-16 07:48

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe"

Signatures

Renames multiple (4311) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe

"C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe"

Network

Files

memory/4740-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 d8c0bb7a054a81d07301fc89401a238b
SHA1 3a7bfcd090dcb71a16b00ac15b08022693b1111d
SHA256 0f1ef0a0c07bf9dfa031f28897a81c31ac700c159fd51be2ef377f990b4fbbe2
SHA512 57ad9b1f6b7bd09f10260c436d856c08cbea4bbf2c324c2a4accfe84e4cf108ff6ad34e7ed83d48dbbe338264df5d5eff85ca45fcdc5e4647431be847de28ff1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b469507b64c36e5986fba6e01c101deb
SHA1 688fb4f23974537cb35b39c5aaa517eac46f3c4f
SHA256 66eacf91b88f0719e91b069ef8218ce29fa4de1cb6d9615094a7e7028a83bf50
SHA512 d5e05b0ea4c435c45fd457394ec0f0313da04bc5927ae31d60bca02dc4ff41e92a7d42af2a8f78303bd27aec5ac58d0f8bb1602d3a7ab8feecc97abcbf2b3b62

memory/4740-662-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:46

Reported

2024-10-16 07:48

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe"

Signatures

Renames multiple (3066) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe

"C:\Users\Admin\AppData\Local\Temp\4aac0dd27675cc12350a2691ca3d9a584bae21a16a89d1b01e33062399486baeN.exe"

Network

N/A

Files

memory/1928-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 6a57538c4657ddc70f721743257f251a
SHA1 1e9fb74f6bc1749cfe766ac4f2f946608fce2716
SHA256 f35afce035b9a6c788af5a2e88393a01d28ca1f304a0a25815269104770bf7e5
SHA512 f112988948c1df01755baaa160425b1e173f3101ceeee5c7688ac8167021031c1d749937b5c1e57fa4a88b2453bc7cee438df5e817ed08e6eee154ac9d00f87a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 270a28cc542975dd308637ad1221e571
SHA1 cee585bf558e76fb2a173e48cbecdf704d1a6f7a
SHA256 9a5caadc044737d6589f58f2e2d0205748272d5dff2a1a210a587b2edc0144d1
SHA512 6454eb20ce5f9767c4ef131297aafc40bf33d581f6cc59e7dc8e9e9b79d78e104d0dd347b9af5c3a3d744e5096e17d04076e7b606e7d77a63b171c80aca5fac4

memory/1928-70-0x0000000000400000-0x000000000040B000-memory.dmp