Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lfemqsxaqm
Target bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN
SHA256 bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fb
Tags
discovery ransomware upx
score
9/10

Analysis Overview

score
9/10

SHA256

bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fb

Threat Level: Likely malicious

The file bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3138) files with added filename extension

Renames multiple (4619) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:28

Signatures

UPX packed file

upx
Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:28

Reported

2024-10-06 09:30

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe"

Signatures

Renames multiple (4619) files with added filename extension

ransomware

UPX packed file

upx
Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe

"C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe"

Network

Files

memory/4872-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

MD5 de9af342068dcf745d41b7ae6af442cf
SHA1 e37e30ac88feba7edf80b5628b677d19d8e85191
SHA256 53155faf4414767f6ca1628975065325222fa80b8b4444cdaf03ad37cd8ce246
SHA512 08731c5959e2f024e470cb6525b1f89ded19087af7e0fe69386be132dbdf1b71be0a8db1f79520acd6507cf41d81751a56a13a0b4a01a5a18f44fb4047a2494f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 fa54b6b94eb69e36754d7e41d7eeb43e
SHA1 4951a934cc4653c3916d74bf21a376eb57c6b103
SHA256 d97920e5b96dc3120f86bbbe7c64dec7fdfbcc02f3851688935cdd77db6e6d29
SHA512 b1e4341474fbf7323333cec51cf63aab3c94f80d3ee2a060752e80baa63083fdeb8374aa2f5266e51276703066e6d9ece646ccc9297235337b7e545d2a3fe961

memory/4872-858-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:28

Reported

2024-10-06 09:30

Platform

win7-20240903-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe"

Signatures

Renames multiple (3138) files with added filename extension

ransomware

UPX packed file

upx
Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe

"C:\Users\Admin\AppData\Local\Temp\bc5fb3fc01311426f4229586967f84475137601d0cee887ec2006f108e19e0fbN.exe"

Network

N/A

Files

memory/2236-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 b31db6a9547e939e7570486f5f9f3a58
SHA1 cbdc6e7f0a610d4bab186b00669fe3291fed0185
SHA256 4abf7956b43431d43552d7b273e20dd1edac606891547e6eb06d2f6a74be84a2
SHA512 da53ae12fbb07824999cd1be490757fe6a8b8935a04d66f647822e20456351a056670e8423a7626a0494612dc140ccccad0034fac2078baa32479a62c8947abc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d93b9b25cc0cd65ab227ca2ebd50145a
SHA1 f80db839cc176bf5da8c61b172402f4e098f3776
SHA256 05cce3ca86ae95ab589cf5a8d4803753c184b08d577891630abfbf95ac6bede2
SHA512 41faf32f32ed3001f245e135915494ae18faee02c3a4a70d346a4cad900a1a565ce532b15ac92e69721ea61c60558204ce0236ba836e31320b3d9084982cd099

memory/2236-74-0x0000000000400000-0x000000000040B000-memory.dmp