Malware Analysis Report

2025-03-15 04:28

Sample ID 241025-z298eswcrq
Target 452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191
SHA256 452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191
Tags
discovery spyware stealer
score
7/10


Analysis Overview

score
7/10

SHA256

452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191

Threat Level: Shows suspicious behavior

The file 452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191 shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-25 21:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-25 21:14

Reported

2024-10-25 21:16

Platform

win7-20241023-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File opened for modification C:\WINDOWS\EHOME\LOADMXF.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FDDDO_31BF3856AD364E35_6.1.7600.16385_NONE_B0DE2AFE4CA7A1E2\DEVICEDISPLAYOBJECTPROVIDER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\VBC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FSUTIL_31BF3856AD364E35_6.1.7600.16385_NONE_28590620099DA2D8\FSUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OPTIONALTSPS_31BF3856AD364E35_6.1.7600.16385_NONE_3DF12FEBE293CE5D\TCMSETUP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SETUPCACHE\V4.7.03062\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..UNTERINFRASTRUCTURE_31BF3856AD364E35_6.1.7600.16385_NONE_CD7AEEFF1897D018\LODCTR.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TCPIP-UTILITY_31BF3856AD364E35_6.1.7601.17514_NONE_90ECF919657DACF4\ROUTE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\HH.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..WSUPDATECLIENT-CORE_31BF3856AD364E35_7.5.7601.17514_NONE_1F3413AFC64D10C5\WUAUCLT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SYSTEMRESTORE-MAIN_31BF3856AD364E35_6.1.7601.17514_NONE_A505D556C9DE886A\RSTRUI.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WINRE-RECOVERYTOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_3142C61B8ADA510F\REAGENTC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMI-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_177A088436382A34\UNSECAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\BITLOCKERDISCOVERYVOLUMECONTENTS\BITLOCKERTOGO.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGSQL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RUNAS_31BF3856AD364E35_6.1.7600.16385_NONE_BBDD3AEB771E694E\RUNAS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_REGSQL_B03F5F7F11D50A3A_6.1.7600.16385_NONE_DCB42EC76404494F\ASPNET_REGSQL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-MCWEBLAUNCHER_31BF3856AD364E35_6.1.7600.16385_NONE_5846A8771B202706\MEDIACENTERWEBLAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURESTARTUP-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_C09AA5B3BEC88BEB\BDEUISRV.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPSHARE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..OMMAND-LINE-UTILITY_31BF3856AD364E35_6.1.7600.16385_NONE_FD9EC705E687F8C2\WMIC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TASKHOST_31BF3856AD364E35_6.1.7601.18010_NONE_86608C5A70F925BC\TASKHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe

"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-25 21:14

Reported

2024-10-25 21:16

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\RASAUTOU.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UPNPCONT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DIALER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PASSWORDONWAKESETTINGFLYOUT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\THUMBNAILEXTRACTIONHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WSCADMINUI.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMDKEY.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMPUTERDEFAULTS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PREVHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SETHC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESREMOTE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMMON32.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MMGASERVER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETSTAT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ODBCCONF.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RASDIAL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CLOUDNOTIFICATIONS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMCLIENT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHARMAP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DFRGUI.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DXDIAG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MTSTOCOM.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PICKERHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMSTP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGISTER-CIMPROVIDER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\USERINIT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ICACLS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INSTALLSHIELD\_ISDEL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TPMINIT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WBEM\WMIPRVSE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINDOWS.MEDIA.BACKGROUNDPLAYBACK.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MOUNTVOL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTRAY.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CLICONFG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMETC\IMTCLNWZ.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NEWDEV.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRTNETMUAHOSTSERVER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DOSKEY.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DPNSVR.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FTP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP\IMJPUEXC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SHUTDOWN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AGENTACTIVATIONRUNTIMESTARTER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MCBUILDER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGEDT32.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\XCOPY.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUTOCHK.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE_SSP_ISV.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUTOFMT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CREDENTIALUIBROKER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETIOUGC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EXPLORER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ICSUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IEUNATT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BITSADMIN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CERTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHOICE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DISKPART.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TIMEOUT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMINFO.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\TNAMESERV.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXIDENTITYPROVIDER_12.50.6001.0_X64__8WEKYB3D8BBWE\XBOXIDP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\TABTIP32.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\NOTIFICATION_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.53.77.0_X64__KZF8QXF38ZG5C\SKYPEAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATEBROKER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPSHARE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXSPEECHTOTEXTOVERLAY_1.17.29001.0_X64__8WEKYB3D8BBWE\SPEECHTOTEXTOVERLAY64-RETAIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEINSTAL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\SETUP_WM.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\TNAMESERV.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PROTOCOLHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-0409-1000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\UPDATER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\VSTOINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\SHAPECOLLECTOR.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVA.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.BINGWEATHER_4.25.20211.0_X64__8WEKYB3D8BBWE\MICROSOFT.MSN.WEATHER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARMHELPER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\CHRMSTP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PDFREFLOW.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAW.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JRUNSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\ORBD.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.549981C3F5F10_1.1911.21713.0_X64__8WEKYB3D8BBWE\WIN32BRIDGE.SERVER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\INSTALLER\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\MAVINJECT32.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\IELOWUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\INTEGRATION\ADDONS\ONEDRIVESETUP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOSYNC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SDXHELPERBGT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.HEIFIMAGEEXTENSION_1.0.22742.0_X64__8WEKYB3D8BBWE\CODECPACKS.HEIF.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACRORD32INFO.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\DOTNET\DOTNET.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SERVERTOOL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATECORE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\MSEDGE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.DBCONNECTION.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OUTICON.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFT3DVIEWER_6.1908.2042.0_X64__8WEKYB3D8BBWE\3DVIEWER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCAMERA_2018.826.98.0_X64__8WEKYB3D8BBWE\WINDOWSCAMERA.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_16005.11629.20316.0_X64__8WEKYB3D8BBWE\HXACCOUNTS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\EXTCHECK.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JARSIGNER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOX.TCUI_1.23.28002.0_X64__8WEKYB3D8BBWE\TCUI-APP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.GETSTARTED_8.2.22942.0_X64__8WEKYB3D8BBWE\WHATSNEW.STORE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\UNPACK200.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.OFFICE.ONENOTE_16001.12026.20112.0_X64__8WEKYB3D8BBWE\ONENOTESHARE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.STOREPURCHASEAPP_11811.1001.18.0_X64__8WEKYB3D8BBWE\STOREEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ARH.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOEV.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSTAT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.PEOPLEEXPERIENCEHOST_CW5N1H2TXYEWY\PEOPLEEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\DFSVC\2.0.0.0__B03F5F7F11D50A3A\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.XBOXGAMECALLABLEUI_CW5N1H2TXYEWY\XBOX.TCUI.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_WP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\LDR64.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\NETFXSBS10.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\READER_SL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_WP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WFSERVICESREG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\PARENTALCONTROLS_CW5N1H2TXYEWY\WPCUAPAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\WSATCONFIG\3.0.0.0__B03F5F7F11D50A3A\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CSC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ASSIGNEDACCESSLOCKAPP_CW5N1H2TXYEWY\ASSIGNEDACCESSLOCKAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\DW20.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ADOBECOLLABSYNC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SPLWOW64.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\IEEXEC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\VBC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\BITLOCKERDISCOVERYVOLUMECONTENTS\BITLOCKERTOGO.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.CALLINGSHELLAPP_CW5N1H2TXYEWY\CALLINGSHELLAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFTWINDOWS.UNDOCKEDDEVKIT_CW5N1H2TXYEWY\UNDOCKEDDEVKIT.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EULA.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LOCKAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\BOOT\PCAT\MEMTEST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\JSC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\JSC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPRESOLVERUX_CW5N1H2TXYEWY\APPRESOLVERUX.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_32\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_64\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\SMSVCHOST\V4.0_4.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG_CW5N1H2TXYEWY\ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.FILEPICKER_CW5N1H2TXYEWY\FILEPICKER.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\VBC.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSMON.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.ECAPP_8WEKYB3D8BBWE\MICROSOFT.ECAPP.EXE C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe N/A
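The file tables above repeat one event: the sample process opens an existing executable under C:\WINDOWS or C:\PROGRAM FILES for modification. The sandbox labels this "Drops file", but no row records a file being created, the registry activity is a single read of the NLS\Language key, and the Files section of this analysis is N/A, so what the report actually supports is write access to pre-existing program binaries, a pattern that should be verified on disk (hashes or Authenticode status of the listed files) before it is reported as either a dropper or an infection. The script below is an added triage example, not part of the report or of the sandbox tooling: it parses rows in the report's plain-text "Description Indicator Process Target" layout from a constructed excerpt of the lines above and counts how many distinct protected-root executables one process opened for write. The function names and the threshold are the example's own assumptions.

```python
import re
from collections import Counter

# Sample process exactly as it appears in the report's Command Line section.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"

# Constructed excerpt: nine rows copied from the report tables above, in the
# report's "Description Indicator Process Target" layout. Indicator paths may
# contain spaces (C:\PROGRAM FILES ...); the process path does not.
REPORT_ROWS = [
    rf"File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\WINDOWS\SYSMON.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\WINDOWS\SPLWOW64.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JARSIGNER.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ARH.EXE {SAMPLE} N/A",
    rf"File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\VPREVIEW.EXE {SAMPLE} N/A",
    rf"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language {SAMPLE} N/A",
]

# Description is free text, the indicator is a drive path (spaces allowed) or a
# registry path, the process is a drive path without spaces, target is one token.
ROW_RE = re.compile(
    r"^(?P<desc>.+?) "
    r"(?P<indicator>(?:[A-Za-z]:\\|\\REGISTRY\\).+?) "
    r"(?P<process>[A-Za-z]:\\\S+) "
    r"(?P<target>\S+)$"
)

# Roots where a user-mode sample has no business opening existing .EXEs for
# write access; "c:\program files (x86)" shares the second prefix.
PROTECTED_ROOTS = (r"c:\windows", r"c:\program files")


def parse_row(line):
    """Split one report row into its four columns; raise on a malformed row."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable row: {line!r}")
    return m.groupdict()


def root_of(path):
    """Top-level directory of a Windows path, e.g. C:\\PROGRAM FILES (X86)."""
    return "\\".join(path.split("\\")[:2]).upper()


def is_protected_executable(path):
    p = path.lower()
    return p.endswith(".exe") and p.startswith(PROTECTED_ROOTS)


def summarize(lines):
    rows = [parse_row(line) for line in lines]
    mods = [r for r in rows if r["desc"] == "File opened for modification"]
    return {
        "processes": {r["process"] for r in rows},
        "modified_executables": sum(is_protected_executable(r["indicator"]) for r in mods),
        "modified_other": sum(not is_protected_executable(r["indicator"]) for r in mods),
        "by_root": Counter(root_of(r["indicator"]) for r in mods),
        "registry_keys": [r["indicator"] for r in rows if r["desc"] == "Key opened"],
    }


def mass_pe_write(summary, threshold=5):
    """True when a single process opened at least `threshold` existing
    executables under protected roots for modification and nothing else.
    The report records the open, not what (if anything) was written, so this
    flags a pattern to verify on disk, not a confirmed infection."""
    return (
        len(summary["processes"]) == 1
        and summary["modified_executables"] >= threshold
        and summary["modified_other"] == 0
    )


if __name__ == "__main__":
    s = summarize(REPORT_ROWS)
    for root, n in s["by_root"].most_common():
        print(f"{n:3d}  {root}")
    print("registry keys read:", s["registry_keys"])
    print("mass write to existing PEs:", mass_pe_write(s))
```

Run against the full report, the same parser gives the per-root counts for every row in the System32, Program Files and Windows tables; the threshold of five is arbitrary and only there to separate a handful of legitimate installer-style writes from the hundreds listed here.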

Processes

C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe

"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 210.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 101.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
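Every row in this table is either a UDP query to the resolver 8.8.8.8 or TLS to 150.171.28.10 for tse1.mm.bing.net, and the report attributes none of them to a process. Most of the DNS rows are PTR (reverse) lookups: an in-addr.arpa name carries the address in reverse octet order, so 133.211.185.52.in-addr.arpa asks for the name of 52.185.211.133, and none of the addresses queried this way appears as a destination anywhere in the table. The script below is an added example, not part of the report or the sandbox; it decodes the PTR names, separates resolver traffic from actual connections, and lists which contacted addresses are even candidates for an indicator. The only one here is the bing.net CDN endpoint, which should not be treated as sample-specific without process attribution. Function names are the example's own; the input is a constructed copy of the rows above.

```python
import ipaddress
import re
from collections import Counter

# Constructed excerpt: the rows of the Network table above, in the report's
# "Country Destination Domain Proto" layout (repeated rows kept as listed).
NETWORK_ROWS = """
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 210.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 101.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
""".strip().splitlines()

PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.IGNORECASE
)


def ptr_target(name):
    """Reverse an in-addr.arpa name back to the IPv4 address being looked up.
    Octets are stored least-significant first; IPv4Address() rejects octets
    outside 0..255. Returns None for names that are not PTR queries."""
    m = PTR_RE.match(name)
    if not m:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))


def parse_network_row(line):
    country, dest, domain, proto = line.split()
    host, port = dest.rsplit(":", 1)
    return {"country": country, "ip": host, "port": int(port),
            "domain": domain, "proto": proto.lower()}


def summarize_network(lines):
    rows = [parse_network_row(line) for line in lines]
    resolvers, ptr_targets, forward_names = set(), [], set()
    connections = Counter()          # (ip, port, proto, domain) -> row count
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            # DNS traffic: the destination is the resolver, not a contact.
            resolvers.add(r["ip"])
            ip = ptr_target(r["domain"])
            if ip:
                ptr_targets.append(ip)
            else:
                forward_names.add(r["domain"])
        else:
            connections[(r["ip"], r["port"], r["proto"], r["domain"])] += 1
    contacted = {key[0] for key in connections}
    return {
        "resolvers": resolvers,
        "ptr_targets": ptr_targets,
        # Reverse-resolved addresses that were also connected to; an empty
        # list means the PTR queries cannot be tied to any contact here.
        "ptr_targets_contacted": [ip for ip in ptr_targets if ip in contacted],
        "forward_names": forward_names,
        "connections": connections,
        "contacted_public_ips": sorted(
            ip for ip in contacted if not ipaddress.ip_address(ip).is_private
        ),
    }


if __name__ == "__main__":
    s = summarize_network(NETWORK_ROWS)
    print("resolvers:", sorted(s["resolvers"]))
    print("reverse lookups for:", s["ptr_targets"])
    print("of which contacted:", s["ptr_targets_contacted"])
    for (ip, port, proto, domain), n in s["connections"].items():
        print(f"{n}x {proto} {ip}:{port} ({domain})")
    print("candidate IOC addresses:", s["contacted_public_ips"])
```

The decoded PTR targets are useful for pivoting (who owns the addresses the host was asking about), but the table gives no process for any row, so they stay context rather than indicators.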

Files

N/A