Malware Analysis Report

2025-01-22 08:17

Sample ID 241026-e68j6szdpg
Target 305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN
SHA256 305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57bea
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57bea

Threat Level: Shows suspicious behavior

The file 305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN was found to show suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 04:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 04:34

Reported

2024-10-26 04:36

Platform

win7-20241023-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Process (every row): C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe
Target (every row): N/A

Description Indicator
File opened (read-only) \??\O:
File opened (read-only) \??\V:
File opened (read-only) \??\W:
File opened (read-only) \??\Y:
File opened (read-only) \??\H:
File opened (read-only) \??\K:
File opened (read-only) \??\L:
File opened (read-only) \??\N:
File opened (read-only) \??\X:
File opened (read-only) \??\Z:
File opened (read-only) \??\I:
File opened (read-only) \??\M:
File opened (read-only) \??\R:
File opened (read-only) \??\U:
File opened (read-only) \??\E:
File opened (read-only) \??\G:
File opened (read-only) \??\T:
File opened (read-only) \??\J:
File opened (read-only) \??\P:
File opened (read-only) \??\Q:
File opened (read-only) \??\S:

Drops file in System32 directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe
Target (every row): N/A

Description Indicator
File opened for modification C:\WINDOWS\SysWOW64\IEXPRESS.EXE
File opened for modification C:\WINDOWS\SysWOW64\REGISTERIEPKEYS.EXE
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE_ISV.EXE
File opened for modification C:\WINDOWS\SysWOW64\WSMPROVHOST.EXE
File opened for modification C:\WINDOWS\SYSWOW64\ICSUNATTEND.EXE
File opened for modification C:\WINDOWS\SYSWOW64\REGEDIT.EXE
File opened for modification C:\WINDOWS\SYSWOW64\REGSVR32.EXE
File opened for modification C:\WINDOWS\SysWOW64\CTTUNESVR.EXE
File opened for modification C:\WINDOWS\SYSWOW64\SNDVOL.EXE
File opened for modification C:\WINDOWS\SYSWOW64\SCHTASKS.EXE
File opened for modification C:\WINDOWS\SysWOW64\FORFILES.EXE
File opened for modification C:\WINDOWS\SYSWOW64\NSLOOKUP.EXE
File opened for modification C:\WINDOWS\SYSWOW64\REKEYWIZ.EXE
File opened for modification C:\WINDOWS\SysWOW64\DLLHST3G.EXE
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMEJP10\IMJPDADM.EXE
File opened for modification C:\WINDOWS\SYSWOW64\ISOBURN.EXE
File opened for modification C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\BRMFCMF.INF_AMD64_NEUTRAL_67B5984F8E8FF717\BRMFRSMG.EXE
File opened for modification C:\WINDOWS\SysWOW64\MIGWIZ\POSTMIG.EXE
File opened for modification C:\WINDOWS\SysWOW64\PERFMON.EXE
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMETC10\IMTCPROP.EXE
File opened for modification C:\WINDOWS\SYSWOW64\ODBCAD32.EXE
File opened for modification C:\WINDOWS\SysWOW64\DISKPERF.EXE
File opened for modification C:\WINDOWS\SysWOW64\EVENTCREATE.EXE
File opened for modification C:\WINDOWS\SysWOW64\VERCLSID.EXE
File opened for modification C:\WINDOWS\SYSWOW64\SYSTEMINFO.EXE
File opened for modification C:\WINDOWS\SYSWOW64\TSWPFWRP.EXE
File opened for modification C:\WINDOWS\SysWOW64\CHKDSK.EXE
File opened for modification C:\WINDOWS\SYSWOW64\GRPCONV.EXE
File opened for modification C:\WINDOWS\SYSWOW64\HH.EXE
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMEJP10\IMJPMGR.EXE
File opened for modification C:\WINDOWS\SysWOW64\MSTSC.EXE
File opened for modification C:\WINDOWS\SYSWOW64\AT.EXE
File opened for modification C:\WINDOWS\SYSWOW64\DPLAYSVR.EXE
File opened for modification C:\WINDOWS\SYSWOW64\NDADMIN.EXE
File opened for modification C:\WINDOWS\SYSWOW64\POWERCFG.EXE
File opened for modification C:\WINDOWS\SYSWOW64\SVCHOST.EXE
File opened for modification C:\WINDOWS\SysWOW64\TSTHEME.EXE
File opened for modification C:\WINDOWS\SysWOW64\TASKENG.EXE
File opened for modification C:\WINDOWS\SysWOW64\WBEM\WMIADAP.EXE
File opened for modification C:\WINDOWS\SYSWOW64\WINRSHOST.EXE
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESADVANCED.EXE
File opened for modification C:\WINDOWS\SysWOW64\NETSTAT.EXE
File opened for modification C:\WINDOWS\SysWOW64\PCAUI.EXE
File opened for modification C:\WINDOWS\SysWOW64\RASPHONE.EXE
File opened for modification C:\WINDOWS\SysWOW64\WHERE.EXE
File opened for modification C:\WINDOWS\SYSWOW64\MSINFO32.EXE
File opened for modification C:\WINDOWS\SYSWOW64\MUIUNATTEND.EXE
File opened for modification C:\WINDOWS\SYSWOW64\SDCHANGE.EXE
File opened for modification C:\WINDOWS\SysWOW64\CIPHER.EXE
File opened for modification C:\WINDOWS\SYSWOW64\WUAPP.EXE
File opened for modification C:\WINDOWS\SYSWOW64\WIMSERV.EXE
File opened for modification C:\WINDOWS\SysWOW64\HOSTNAME.EXE
File opened for modification C:\WINDOWS\SysWOW64\PRESENTATIONHOST.EXE
File opened for modification C:\WINDOWS\SYSWOW64\MIGAUTOPLAY.EXE
File opened for modification C:\WINDOWS\SYSWOW64\TAPIUNATTEND.EXE
File opened for modification C:\WINDOWS\SYSWOW64\WHERE.EXE
File opened for modification C:\WINDOWS\SysWOW64\DPLAYSVR.EXE
File opened for modification C:\WINDOWS\SYSWOW64\COM\MIGREGDB.EXE
File opened for modification C:\WINDOWS\SysWOW64\SORT.EXE
File opened for modification C:\WINDOWS\SysWOW64\FINGER.EXE
File opened for modification C:\WINDOWS\SysWOW64\MSIEXEC.EXE
File opened for modification C:\WINDOWS\SYSWOW64\CERTREQ.EXE
File opened for modification C:\WINDOWS\SYSWOW64\DRIVERQUERY.EXE
File opened for modification C:\WINDOWS\SYSWOW64\FSUTIL.EXE

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe
Target (every row): N/A

Description Indicator
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAFXPACKAGER.EXE
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\SOLITAIRE\SOLITAIRE.EXE
File opened for modification C:\PROGRAM FILES\WINDOWS MAIL\WINMAIL.EXE
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\OFFICE SETUP CONTROLLER\ODEPLOY.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVAW.EXE
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\DW\DWTRIG20.EXE
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS SIDEBAR\SIDEBAR.EXE
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACRORD32.EXE
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\EULA.EXE
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\RESOURCE\ICONS\SC_READER.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\APPLETVIEWER.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\SERVERTOOL.EXE
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\PURBLE PLACE\PURBLEPLACE.EXE
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\UPDATER.EXE
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACROBROKER.EXE
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLECRASHHANDLER64.EXE
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\INKWATSON.EXE
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JMC.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\SSVAGENT.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JDB.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\RMIREGISTRY.EXE
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATESETUP.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\PACK200.EXE
File opened for modification C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\WORDPAD.EXE
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\AIRAPPINSTALLER.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSTORDB.EXE
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPSVC.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JCONSOLE.EXE
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MULTIPLAYER\BACKGAMMON\BCKGZM.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\WORDICON.EXE
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPSIDESHOWGADGET.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JRUNSCRIPT.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SERIALVER.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\KINIT.EXE
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\CHESS\CHESS.EXE
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\ELEVATION_SERVICE.EXE
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\MINIDUMP-ANALYZER.EXE
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\PIPANEL.EXE
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\SETUP FILES\{AC76BA86-7AD7-1033-7B44-A90000000001}\SETUP.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\WINWORD.EXE
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\VSTOINSTALLER.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAP.EXE
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MULTIPLAYER\SPADES\SHVLZM.EXE
File opened for modification C:\PROGRAM FILES\WINDOWS MAIL\WABMIG.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\PPTICO.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JPS.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\RMID.EXE
File opened for modification C:\PROGRAM FILES\VIDEOLAN\VLC\UNINSTALL.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\OIS.EXE
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MINESWEEPER\MINESWEEPER.EXE
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PRIVATE_BROWSING.EXE
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{06715A9D-70D2-4C5C-9F8A-D2392905D83D}\CHROME_INSTALLER.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAC.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\PACK200.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\LIB\VISUALVM\PLATFORM\LIB\NBEXEC64.EXE
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\KTAB.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\GROOVEMN.EXE
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\ONENOTEM.EXE
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WABMIG.EXE
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE

Drops file in Windows directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe
Target (every row): N/A

Description Indicator
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONTROL_31BF3856AD364E35_6.1.7600.16385_NONE_F560EAE4C42EDB14\CONTROL.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-GROUPPOLICY-SCRIPT_31BF3856AD364E35_6.1.7600.16385_NONE_C10C2A29895D4994\GPSCRIPT.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-GC-REGISTERIEPKEYS_31BF3856AD364E35_8.0.7601.17514_NONE_A0C922C3B170DD5D\REGISTERIEPKEYS.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..BOXGAMES-BACKGAMMON_31BF3856AD364E35_6.1.7600.16385_NONE_668D031845881638\BCKGZM.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SNMP-EVNTCMD_31BF3856AD364E35_6.1.7600.16385_NONE_14F9B9481DB6293B\EVNTCMD.EXE
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\INSTALLUTIL.EXE
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_STATE.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-B..VIRONMENT-OS-LOADER_31BF3856AD364E35_6.1.7601.17514_NONE_B94CBFA183466A89\WINRESUME.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EUDCEDIT_31BF3856AD364E35_6.1.7601.17514_NONE_B7BE8A14D61DB17A\EUDCEDIT.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..-COMMANDLINE-EDITOR_31BF3856AD364E35_6.1.7600.16385_NONE_8D8925A444607F8C\REG.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..NBOXGAMES-SOLITAIRE_31BF3856AD364E35_6.1.7600.16385_NONE_D1124C00155DFD14\SOLITAIRE.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-VSSSERVICE_31BF3856AD364E35_6.1.7601.17514_NONE_B8F2D3E62E76FE08\VSSVC.EXE
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-I..EOPTIONALCOMPONENTS_31BF3856AD364E35_8.0.7601.17514_NONE_1E7B93842C84C912\CONFIGUREIEOPTIONALCOMPONENTS.EXE
File opened for modification C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\GRVICONS.EXE
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-OS-KERNEL_31BF3856AD364E35_6.1.7601.21863_NONE_6E8A5C3D2BAC37E9\NTOSKRNL.EXE
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_64\MICROSOFT.W71DAF281#\5ADA68CFA2258A2D4E3C3779106FAF9B\MICROSOFT.WORKFLOW.COMPILER.NI.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REGISTRY-EDITOR_31BF3856AD364E35_6.1.7600.16385_NONE_5023A70BF589AD3E\REGEDT32.EXE
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\QPROCESS.EXE
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-CLIP_31BF3856AD364E35_6.1.7600.16385_NONE_A7B238407D550501\CLIP.EXE
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-MUICACHEBUILDER_31BF3856AD364E35_6.1.7601.17514_NONE_1C140627131A6DF3\MCBUILDER.EXE
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-RUNAS_31BF3856AD364E35_6.1.7600.16385_NONE_5FBE9F67BEC0F818\RUNAS.EXE
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\SMSVCHOST\1BC1EE3C3AA45D28DCF4657BCEB2FCB4\SMSVCHOST.NI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RECDISC-MAIN_31BF3856AD364E35_6.1.7601.17514_NONE_E2A1FFE0CA40CFF2\RECDISC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURITY-TOOLS-KLIST_31BF3856AD364E35_6.1.7600.16385_NONE_9D299157E03CE00F\KLIST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-IE-HTMLAPPLICATION_31BF3856AD364E35_11.2.9600.16428_NONE_4605ACA152CC8281\MSHTA.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..ANDLINEPROPERTYTOOL_31BF3856AD364E35_6.1.7601.17514_NONE_0D44B8D3DF1C79A9\IMJPUEXC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-LABEL_31BF3856AD364E35_6.1.7600.16385_NONE_570561EB2B9C151D\LABEL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-SYSTRAY_31BF3856AD364E35_6.1.7600.16385_NONE_F327D2F6575DA8CE\SYSTRAY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-TPM-ADMINSNAPIN_31BF3856AD364E35_6.1.7600.16385_NONE_77536D124094B997\TPMINIT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IEETWCOLLECTOR_31BF3856AD364E35_11.2.9600.16428_NONE_A56DA9E617D4F97E\IEETWCOLLECTOR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURITY-SYSKEY_31BF3856AD364E35_6.1.7600.16385_NONE_74578A893F33207C\SYSKEY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TPM-ADMINSNAPIN_31BF3856AD364E35_6.1.7600.16385_NONE_D3720895F8F22ACD\TPMINIT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-I..TIONAL-CHINESE-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_C1FEAD4E4BF85947\IMTCPROP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-PERFORMANCETOOLSGUI_31BF3856AD364E35_6.1.7601.17514_NONE_04846DECEBF43C4C\RESMON.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WOW64_31BF3856AD364E35_6.1.7601.22091_NONE_D0D0722C3BB0DC09\USER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-S..ROPERTIESPROTECTION_31BF3856AD364E35_6.1.7600.16385_NONE_6388ACF17DD74912\SYSTEMPROPERTIESPROTECTION.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\IEEXEC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-WINRSPLUGINS_31BF3856AD364E35_6.1.7600.16385_NONE_160CCC8A92FAE520\WINRS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-WAB-APP_31BF3856AD364E35_6.1.7601.17514_NONE_44B0C76C35D4B76D\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-SETUP-SUPPORT_31BF3856AD364E35_8.0.7601.17514_NONE_3EB101CAEC1ACC2C\IE4UINIT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TCPIP-UTILITY_31BF3856AD364E35_6.1.7601.17514_NONE_90ECF919657DACF4\NETSTAT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-AUTOCHKCONFIGURATOR_31BF3856AD364E35_6.1.7600.16385_NONE_1898D1BBE9180B39\CHKNTFS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-BITS-BITSADMIN_31BF3856AD364E35_6.1.7601.17514_NONE_4F18FAED6AAE2509\BITSADMIN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-DIRECTX-DIRECTPLAY4_31BF3856AD364E35_6.1.7600.16385_NONE_76E6C1802136B090\DPLAYSVR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-DISKPART_31BF3856AD364E35_6.1.7601.17514_NONE_6ADFCF45F42EFFCF\DISKPART.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_NETFX-MSCORSVW_EXE_B03F5F7F11D50A3A_6.1.7600.16385_NONE_F47D7472A4C4E67E\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FAX-SERVICE_31BF3856AD364E35_6.1.7601.17514_NONE_0B499F2C96E8F6B2\FXSUNATD.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RUNAS_31BF3856AD364E35_6.1.7600.16385_NONE_BBDD3AEB771E694E\RUNAS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WMI-CORE-PROVIDERHOST_31BF3856AD364E35_6.1.7601.17514_NONE_78DD6E4CD6655603\WMIPRVSE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CIPHER_31BF3856AD364E35_6.1.7600.16385_NONE_090B7101BEC9A9E2\CIPHER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CHARMAP_31BF3856AD364E35_6.1.7600.16385_NONE_4E4EAF05BE0C2D8F\CHARMAP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_D911DF4E81059B22\SUBST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TAKEOWN_31BF3856AD364E35_6.1.7601.17514_NONE_58116B392C3DA43C\TAKEOWN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WHOAMI_31BF3856AD364E35_6.1.7600.16385_NONE_2A716FFD9B872F68\WHOAMI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..IME-EASHARED-IMEPAD_31BF3856AD364E35_6.1.7601.17514_NONE_3C93AC15FD731ACF\IMEPADSV.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-ISCSI_INITIATOR_UI_31BF3856AD364E35_6.1.7600.16385_NONE_D7C180D4BD657495\ISCSICPL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CALC_31BF3856AD364E35_6.1.7600.16385_NONE_05B2F2E2346CFEA4\CALC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONVERT_31BF3856AD364E35_6.1.7601.17514_NONE_FAFB502ABEF1BE40\AUTOCONV.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RASCONNECTIONMANAGER_31BF3856AD364E35_6.1.7601.17514_NONE_BD4644E077251730\CMDL32.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TELNET-SERVER-TLNTSESS_31BF3856AD364E35_6.1.7600.16385_NONE_05EBF19CA2304436\TLNTSESS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\MSIL_SMSVCHOST_B03F5F7F11D50A3A_6.1.7601.17514_NONE_E6B622BD1115139E\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe

"C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe"

Network

N/A

Files

memory/2136-0-0x0000000000400000-0x000000000040F000-memory.dmp

memory/2136-3-0x0000000000400000-0x000000000040F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-26 04:34

Reported

2024-10-26 04:36

Platform

win10v2004-20241007-en

Max time kernel

97s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\WERMGR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FSUTIL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\LOGMAN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RESMON.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SDCHANGE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BITSADMIN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGISTER-CIMPROVIDER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WOWREG32.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TOKENBROKERCOOKIES.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSDT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PRINTUI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\XCOPY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BTHUDTASK.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMPUTERDEFAULTS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DCCW.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DEVICEPAIRINGWIZARD.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WERFAULTSECURE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMSTP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FIXMAPI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\SHARED\IMESEARCH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SETX.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TTTRACER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CERTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DDODIAG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DOSKEY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\SHARED\IMCCPHR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP\IMJPUEX.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\OPENFILES.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMUWPLAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WECUTIL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INPUTSWITCHTOASTHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\OPOSHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SORT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WERFAULT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BOOTCFG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CREDENTIALUIBROKER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EXPAND.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\HH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYNCHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DWWIN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMETC\IMTCLNWZ.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INSTALLSHIELD\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETSH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ISOBURN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NDADMIN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET1.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETBTUGC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ATTRIB.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUDITPOL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUTOCHK.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHARMAP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RPCPING.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WAITFOR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\HDWWIZ.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ROBOCOPY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRSHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMCLIENT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MMC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETCFGNOTIFYOBJECTHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WBEM\WINMGMT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CTFMON.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
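
The indicator tables above are flat text, and the security-relevant reading of them is easy to miss: every "File opened for modification" target in behavioral1 and behavioral2 is an existing executable under C:\WINDOWS, WinSxS, SysWOW64 or Program Files (the signature is titled "Drops file in ...", but the indicator itself only records a write-capable open, not that bytes were written), the "File opened (read-only)" rows walk drive letters E: through Z:, and the behavioral1 memory dumps cover 0x400000-0x40F000 in PID 2136, which is the default image base of a 32-bit PE. The following Python script is an added example, not part of this report or of the sandbox's tooling: it parses rows in the report's flattened "Description Indicator Process Target" format and summarises them so the touched binaries can be integrity-checked on a host that ran the sample. REPORT_ROWS is a small subset copied from the tables above; the parser assumes, as holds for every row shown, that the process column contains no spaces.

```python
import re
from collections import Counter

# Process column shared by every row in this report.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe")


def _row(description, indicator):
    # Rebuild a flattened report line exactly as the report prints it.
    return f"{description} {indicator} {SAMPLE} N/A"


# Subset of rows copied from the behavioral1/behavioral2 tables above.
REPORT_ROWS = [
    _row("File opened for modification", r"C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_STATE.EXE"),
    _row("File opened for modification", r"C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-OS-KERNEL_31BF3856AD364E35_6.1.7601.21863_NONE_6E8A5C3D2BAC37E9\NTOSKRNL.EXE"),
    _row("File opened for modification", r"C:\WINDOWS\SysWOW64\CERTUTIL.EXE"),
    _row("File opened for modification", r"C:\PROGRAM FILES\MOZILLA FIREFOX\MAINTENANCESERVICE_INSTALLER.EXE"),
    _row("File opened (read-only)", r"\??\K:"),
    _row("File opened (read-only)", r"\??\E:"),
    _row("File opened (read-only)", r"\??\Z:"),
    _row("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
]

# The indicator may contain spaces (Program Files paths), so it is matched lazily
# up to the process column, which in this report never contains spaces.
ROW_RE = re.compile(
    r"^(?P<description>File opened for modification|File opened \(read-only\)|Key opened)\s+"
    r"(?P<indicator>.+?)\s+"
    r"(?P<process>C:\\Users\\\S+)\s+"
    r"(?P<target>\S+)$"
)
DRIVE_RE = re.compile(r"^\\\?\?\\([A-Z]):$")
DUMP_RE = re.compile(r"^memory/(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
                     r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")


def parse_row(line):
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised report row: {line!r}")
    return m.groupdict()


def parse_rows(lines):
    return [parse_row(line) for line in lines]


def top_dir(path):
    # Keep at most two directory levels below the drive, e.g. C:\WINDOWS\SysWOW64.
    parts = path.split("\\")
    return "\\".join(parts[:min(3, len(parts) - 1)])


def modified_executables(rows):
    """Targets opened with write access, grouped by directory; these are the hunt list."""
    paths = [r["indicator"] for r in rows if r["description"] == "File opened for modification"]
    return {
        "count": len(paths),
        "by_directory": dict(Counter(top_dir(p) for p in paths)),
        "all_exe": all(p.upper().endswith(".EXE") for p in paths),
        "paths": paths,
    }


def enumerated_drives(rows):
    """Drive letters probed via read-only opens of \\??\\X:, plus the letters skipped in between."""
    letters = sorted({DRIVE_RE.match(r["indicator"]).group(1)
                      for r in rows if DRIVE_RE.match(r["indicator"])})
    if not letters:
        return {"letters": [], "gaps": []}
    span = map(chr, range(ord(letters[0]), ord(letters[-1]) + 1))
    return {"letters": letters, "gaps": [c for c in span if c not in letters]}


def parse_memory_dump(name):
    """Split a sandbox dump file name into PID, dump index and the dumped address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS)
    mods = modified_executables(rows)
    print(f"{mods['count']} executables opened for modification, all .EXE: {mods['all_exe']}")
    for directory, n in sorted(mods["by_directory"].items()):
        print(f"  {n:3d}  {directory}")
    print("drive letters probed:", enumerated_drives(rows))
    print("dump:", parse_memory_dump("memory/2136-0-0x0000000000400000-0x000000000040F000-memory.dmp"))
```

The path list this returns is the input for host triage: on a machine that executed the sample, compare those binaries against known-good hashes or their Authenticode/catalog signatures before deciding whether anything was actually written, because the report records the write-capable open and nothing more.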

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\MAINTENANCESERVICE_INSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WEBMEDIAEXTENSIONS_1.0.20875.0_X64__8WEKYB3D8BBWE\MICROSOFT.WEBMEDIAEXTENSIONS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXAPP_48.49.31001.0_X64__8WEKYB3D8BBWE\XBOXAPP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOASB.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ORGCHART.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\APPVSHNOTIFY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\VSTOINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX64\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\SQLDUMPER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXSPEECHTOTEXTOVERLAY_1.17.29001.0_X64__8WEKYB3D8BBWE\SPEECHTOTEXTOVERLAY64-RETAIL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\KEYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SELFCERT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH_TARGET_85250\JAVA.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEINSTAL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WAB.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\POLICYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MAIL\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVAW.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MISC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOIA.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SKYPESRV\SKYPESERVER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXGAMINGOVERLAY_2.34.28001.0_X64__8WEKYB3D8BBWE\GAMEBAR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROTEXTEXTRACTOR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\IDLJ.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JHAT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\CLIENT\APPVLP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-0C0A-1000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.DESKTOPAPPINSTALLER_1.0.30251.0_X64__8WEKYB3D8BBWE\APPINSTALLERPYTHONREDIRECTOR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WALLET_2.4.18324.0_X64__8WEKYB3D8BBWE\MICROSOFT.WALLET.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\PLUG_INS\PI_BROKERS\64BITMAPIBROKER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\TABTIP32.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\KINIT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\NAMECONTROLSERVER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\OFFICEAPPGUARDWIN32.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\PWAHELPER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\VIDEOLAN\VLC\VLC-CACHE-GEN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTSTICKYNOTES_3.6.73.0_X64__8WEKYB3D8BBWE\MICROSOFT.NOTES.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JARSIGNER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JINFO.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.VP9VIDEOEXTENSIONS_1.0.22681.0_X64__8WEKYB3D8BBWE\CODECPACKS.VP9.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\PACK200.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-006E-0409-1000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MIXEDREALITY.PORTAL_2000.19081.1301.0_X64__8WEKYB3D8BBWE\MIXEDREALITYPORTAL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSMAPS_5.1906.1972.0_X64__8WEKYB3D8BBWE\MAPS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\EXTEXPORT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\MSEDGE_PROXY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCONSOLE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\VIDEOLAN\VLC\VLC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\OFFICE16\OLICENSEHEARTBEAT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\ACCICONS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWS.PHOTOS_2019.19071.12548.0_X64__8WEKYB3D8BBWE\MICROSOFT.PHOTOS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SERIALVER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROCEF\RDRSERVICESUPDATER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SETLANG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-D..ED-CHINESE-MOIMEEXE_31BF3856AD364E35_10.0.19041.746_NONE_C3054A007D804943\F\CHSIME.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-REMOTEASSISTANCE-EXE_31BF3856AD364E35_10.0.19041.1110_NONE_B678EC2DEB73B201\F\SDCHANGE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SHELLHOST_31BF3856AD364E35_10.0.19041.1_NONE_CC694AAFC259F133\SIHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SMARTSCREEN_31BF3856AD364E35_10.0.19041.1052_NONE_323C9A9AD543E3A3\F\SMARTSCREEN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONTAINER-MANAGER_31BF3856AD364E35_10.0.19041.1266_NONE_07A5D18B92D8B668\CMIMAGEWORKER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..NAGEMENT-APPVSYSTEM_31BF3856AD364E35_10.0.19041.1081_NONE_BDF809EB2DD695F9\R\APPVCLIENT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-G..ATION-WINCOMPONENTS_31BF3856AD364E35_10.0.19041.746_NONE_79BFC5CB57157E98\LOCATIONNOTIFICATIONWINDOWS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MUICACHEBUILDER_31BF3856AD364E35_10.0.19041.1_NONE_CFFDA9BF5435DB63\MCBUILDER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_10.0.19041.546_NONE_49716C2392052ACA\F\DISKPERF.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..NAGEMENT-APPVCLIENT_31BF3856AD364E35_10.0.19041.264_NONE_AA5417FD2708544D\SYNCAPPVPUBLISHINGSERVER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..NTSCONTROL.APPXMAIN_31BF3856AD364E35_10.0.19041.423_NONE_6C3451A09CBA3850\ACCOUNTSCONTROLHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-B..ONMENT-CORE-TCBBOOT_31BF3856AD364E35_10.0.19041.1288_NONE_75442AF2FE19577C\R\TCBLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..INSTALLERANDPRINTUI_31BF3856AD364E35_10.0.19041.264_NONE_B435E08254CDA322\F\PRINTUI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.1151_NONE_F68DB62A3702882B\SEARCHINDEXER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-AUDIO-AUDIOCORE_31BF3856AD364E35_10.0.19041.264_NONE_5481650943811810\R\AUDIODG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EVENTLOG-COMMANDLINE_31BF3856AD364E35_10.0.19041.1202_NONE_3594628932065F23\WEVTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WAASMEDIC_31BF3856AD364E35_10.0.19041.1165_NONE_A82485B8F343811F\R\WAASMEDICAGENT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-TCPIP_31BF3856AD364E35_10.0.19041.746_NONE_49D38AFB2289B178\NETIOUGC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-HYPER-V-VSTACK-VMWP_31BF3856AD364E35_10.0.19041.264_NONE_13222F28BEAA00A7\VMWP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURESTARTUP-CPL_31BF3856AD364E35_10.0.19041.1_NONE_0D7764D82A75E629\BITLOCKERWIZARDELEV.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TIERINGENGINE_31BF3856AD364E35_10.0.19041.746_NONE_8D7110D8C33B651F\R\TIERINGENGINESERVICE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TPM-TOOL_31BF3856AD364E35_10.0.19041.1202_NONE_72F9F7C7A1B307DD\TPMTOOL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-HYPER-V-DRIVERS-HYPERVISOR_31BF3856AD364E35_10.0.19041.264_NONE_0E32F443C4669FED\F\HVAX64.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FILEEXPLORER.APPXMAIN_31BF3856AD364E35_10.0.19041.546_NONE_476476BB5C3A0BBC\F\FILEEXPLORER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IMPEXP-EXTEXPORT_31BF3856AD364E35_11.0.19041.1_NONE_17E048FCCDBCFAA0\EXTEXPORT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURITY-TOOLS-KLIST_31BF3856AD364E35_10.0.19041.1266_NONE_B5FA73367BBD2F91\R\KLIST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-MSINFO32-EXE-COMMON_31BF3856AD364E35_10.0.19041.1110_NONE_0565D41CD46EC20A\R\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-P..INSTALLERANDPRINTUI_31BF3856AD364E35_10.0.19041.264_NONE_BE8A8AD4892E651D\R\PRINTUI.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-HNS-DIAGNOSTICSTOOL_31BF3856AD364E35_10.0.19041.423_NONE_841C30F68571C385\R\HNSDIAG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-U..TE-ORCHESTRATORCORE_31BF3856AD364E35_10.0.19041.264_NONE_64B3F487E354744D\F\USOCOREWORKER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX-IEEXEC_B03F5F7F11D50A3A_10.0.19041.1_NONE_6A5DE40C0A30489E\IEEXEC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_WINDOWS-SENSECLIENT-SERVICE_31BF3856AD364E35_10.0.19041.1288_NONE_1CEC63974464878F\F\SENSESAMPLEUPLOADER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.19041.1151_NONE_EC390BD802A1C630\R\SEARCHPROTOCOLHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NETWORKUX-LEGACYUX_31BF3856AD364E35_10.0.19041.1_NONE_D374A4C62C9F2643\LEGACYNETUXHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMPDMC-UX_31BF3856AD364E35_10.0.19041.1_NONE_A4547E4C96BE5F59\WMPDMC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX-CLR_ILASM_EXE_B03F5F7F11D50A3A_10.0.19041.1_NONE_7C4B8C980A524548\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX-DW_B03F5F7F11D50A3A_10.0.19041.1_NONE_46D7D57B97BD01E0\DW20.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..ORTINGCOMPATIBILITY_31BF3856AD364E35_10.0.19041.264_NONE_DC8146375466099A\R\DWWIN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..ALCONTROLS.APPXMAIN_31BF3856AD364E35_10.0.19041.1_NONE_595F2A7ACAF53BBA\WPCUAPAPP.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WIFINETWORKMANAGER_31BF3856AD364E35_10.0.19041.84_NONE_6461F879A9C4A23E\F\WIFITASK.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..EXTSERVICE.APPXMAIN_31BF3856AD364E35_10.0.19041.423_NONE_2CADE1BC915DCA0D\MICROSOFT.ASYNCTEXTSERVICE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SCTASKS_31BF3856AD364E35_10.0.19041.1_NONE_4030851754B3E0FB\SCHTASKS.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-C..PLUS-SETUP-MIGREGDB_31BF3856AD364E35_10.0.19041.1_NONE_E341AEE7030E39C4\MIGREGDB.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-R..PDATE-OOB-COMPONENT_31BF3856AD364E35_10.0.19041.84_NONE_E539ABE3D27F675F\R\RDVGM.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-VIRTUALDISKSERVICE_31BF3856AD364E35_10.0.19041.1_NONE_20DBE0239A0C22B4\VDSLDR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_NETFX-CSHARP_COMPILER_CSC_B03F5F7F11D50A3A_10.0.19041.1_NONE_BF6140EFBE1A7808\CSC.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SYNCHOST_31BF3856AD364E35_10.0.19041.746_NONE_477A57E55B61ABA8\R\SYNCHOST.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX35CDF-CSD_CDF_INSTALLER_31BF3856AD364E35_10.0.19041.1_NONE_0E4D25C8CB52F8D0\WFSERVICESREG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NETSH_31BF3856AD364E35_10.0.19041.1_NONE_159203C1973658CD\NETSH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-GROUPPOLICY-SCRIPT_31BF3856AD364E35_10.0.19041.572_NONE_4D40B8E902F83DD6\R\GPSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-AUDIO-VOLUMECONTROL_31BF3856AD364E35_10.0.19041.964_NONE_A40A1F93665B43EB\SNDVOL.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OPENWITH_31BF3856AD364E35_10.0.19041.1_NONE_2311DC3012116C15\OPENWITH.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-USO-DTUHANDLER_31BF3856AD364E35_10.0.19041.844_NONE_C0D0CB934C1C1F17\R\DTUHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-EDP-NOTIFY_31BF3856AD364E35_10.0.19041.1202_NONE_9FE20FDB296D6341\EDPNOTIFY.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..ARTCARD-TPM-MANAGER_31BF3856AD364E35_10.0.19041.746_NONE_790F12933FBF7E0D\TPMVSCMGRSVR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SYSTEMRESET_31BF3856AD364E35_10.0.19041.1266_NONE_5FD6523A3130632D\F\SYSRESETERR.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LXSS-WSLCONFIG_31BF3856AD364E35_10.0.19041.117_NONE_7F3778D7035D9622\WSLCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SMARTSCREEN_31BF3856AD364E35_10.0.19041.264_NONE_9B436D497F039D6D\SMARTSCREEN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-ISOBURN_31BF3856AD364E35_10.0.19041.746_NONE_680D56683FAD152B\R\ISOBURN.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WLAN-EXTENSION_31BF3856AD364E35_10.0.19041.1_NONE_AFD43CB1C2B70F77\WLANEXT.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-I..ETEXPLORER-OPTIONAL_31BF3856AD364E35_11.0.19041.1202_NONE_512E9D368C70B758\R\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_10.0.19041.1266_NONE_802F96A5044B0FBE\F\WMPSHARE.EXE C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe

"C:\Users\Admin\AppData\Local\Temp\305877b6560f36a0297d9c90cfa21f4bdceb0e4145d12e06f47dc704e9c57beaN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/3952-0-0x0000000000400000-0x000000000040F000-memory.dmp

memory/3952-2-0x0000000000400000-0x000000000040F000-memory.dmp