Analysis Overview
SHA256
f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434
Threat Level: Known bad
The file f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434 was found to be: Known bad.
Malicious Activity Summary
GlobeImposter
Modifies extensions of user files
Reads user/profile data of web browsers
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in Program Files directory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-03-05 20:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-03-05 20:40
Reported
2022-03-05 20:43
Platform
win7-en-20211208
Max time kernel
151s
Max time network
123s
Command Line
Signatures
GlobeImposter
Modifies extensions of user files
| Description | Indicator | Process | Target |
|---|---|---|---|
| File renamed | C:\Users\Admin\Pictures\InvokeClear.crw => C:\Users\Admin\Pictures\InvokeClear.crw.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ResolveConvertFrom.tiff | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ResolveConvertFrom.tiff => C:\Users\Admin\Pictures\ResolveConvertFrom.tiff.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SelectAdd.png => C:\Users\Admin\Pictures\SelectAdd.png.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UnlockPop.png => C:\Users\Admin\Pictures\UnlockPop.png.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\WriteConvertFrom.raw => C:\Users\Admin\Pictures\WriteConvertFrom.raw.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe" | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\mset7fr.kic | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\GostName.XSL | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00610_.WMF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105320.WMF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\RELAY.CER | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1036\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATHEDITOR_K_COL.HXK | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.Xml.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPTL.ICO | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR20F.GIF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB2A.BDR | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSTH7FR.DLL | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\ACWZUSR12.ACCDU | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\SETLANG_COL.HXC | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14829_.GIF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\EXSEC32.DLL | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.TH.XML | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18199_.WMF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107130.WMF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0158477.WMF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\mscss7es.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\XLCPRTID.XML | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\Manuscript.dotx | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR38F.GIF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Concourse.xml | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.71\goopdateres_sr.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\RepairWatch.ods | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PICSTYLES.DPV | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\PACBELL.NET.XML | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0185796.WMF | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGHEADING.XML | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN102.XML | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxerror.ico | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\BCSAutogen.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\TURABIAN.XSL | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Earthy.gif | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.ID.XML | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\TAG.XSL | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe
"C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe"
Network
Files
memory/952-55-0x0000000076921000-0x0000000076923000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-03-05 20:40
Reported
2022-03-05 20:43
Platform
win10v2004-en-20220112
Max time kernel
151s
Max time network
155s
Command Line
Signatures
GlobeImposter
Modifies extensions of user files
| Description | Indicator | Process | Target |
|---|---|---|---|
| File renamed | C:\Users\Admin\Pictures\ConvertInstall.png => C:\Users\Admin\Pictures\ConvertInstall.png.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DenyHide.tif => C:\Users\Admin\Pictures\DenyHide.tif.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DismountStart.tiff => C:\Users\Admin\Pictures\DismountStart.tiff.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SetSuspend.raw => C:\Users\Admin\Pictures\SetSuspend.raw.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\LockUnprotect.crw => C:\Users\Admin\Pictures\LockUnprotect.crw.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ReadFormat.raw => C:\Users\Admin\Pictures\ReadFormat.raw.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UnblockSearch.png => C:\Users\Admin\Pictures\UnblockSearch.png.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\WriteRegister.tif => C:\Users\Admin\Pictures\WriteRegister.tif.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\DisableUnpublish.png => C:\Users\Admin\Pictures\DisableUnpublish.png.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\DismountStart.tiff | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\EnterAssert.png => C:\Users\Admin\Pictures\EnterAssert.png.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\JoinInvoke.tif => C:\Users\Admin\Pictures\JoinInvoke.tif.deadfiles | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe" | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-400.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.scale-125.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\css\main.css | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vreg\officemui.msi.16.en-us.vreg.dat | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_TicketedEvent.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedStoreLogo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\TwoWayBlendPage.xbf | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsLargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\Canvas.xaml | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-100.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCacheMini.scale-200.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\js\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-63.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-64.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\clrcompression.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\css\faf-main.css | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated_devicefamily-colorfulunplated.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20_altform-fullcolor.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FirstRunMailBlurred.layoutdir-RTL.jpg | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\selector.js | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-cn\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\uk-ua\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_SadMouth.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-48_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker33.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorWideTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.71\goopdateres_ml.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-16_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.71\goopdateres_gu.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\82.jpg | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-Bold.otf | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-125.png | C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe
"C:\Users\Admin\AppData\Local\Temp\f373ca7e899cce69865c55be5a583aff18459489748ec55649e884d4be5ba434.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.238.20.254:80 | | tcp |
| US | 8.238.20.254:80 | | tcp |
| NL | 104.80.224.57:443 | | tcp |
| US | 13.107.21.200:443 | | tcp |
| US | 8.8.8.8:53 | geo.prod.do.dsp.mp.microsoft.com | udp |
| IE | 51.104.167.186:443 | geo.prod.do.dsp.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | kv801.prod.do.dsp.mp.microsoft.com | udp |
| NL | 184.29.205.60:443 | kv801.prod.do.dsp.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | cp801.prod.do.dsp.mp.microsoft.com | udp |
| NL | 184.29.205.60:443 | cp801.prod.do.dsp.mp.microsoft.com | tcp |
| NL | 184.29.205.60:443 | cp801.prod.do.dsp.mp.microsoft.com | tcp |
| US | 20.189.173.4:443 | | tcp |