Malware Analysis Report

2025-01-22 08:15

Sample ID 241026-eq4w2sxmgz
Target 5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N
SHA256 5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15
Tags discovery spyware stealer
Score 7/10

Analysis Overview

Score 7/10

SHA256 5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15

Threat Level: Shows suspicious behavior

The file 5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N was found to show suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 04:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 04:09

Reported

2024-10-26 04:11

Platform

win7-20240903-en

Max time kernel

15s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..OXGAMES-PURBLEPLACE_31BF3856AD364E35_6.1.7600.16385_NONE_622070221822EB39\PURBLEPLACE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\RESET.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DNS-CLIENT_31BF3856AD364E35_6.1.7601.17514_NONE_4008824C98F8EDAC\DNSCACHEUGC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FILTERMANAGER-UTILS_31BF3856AD364E35_6.1.7600.16385_NONE_7582A4A93F08B488\FLTMC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\EHOME\MCRMGR.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSINFO32-EXE_31BF3856AD364E35_6.1.7601.17514_NONE_0A026C46104DD379\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..-DOWNLEVEL.BINARIES_31BF3856AD364E35_6.3.9600.16428_NONE_5FAF8886FF3D65D0\MSSPELLCHECKINGFACILITY.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SERVICEMODELREG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-GETTINGSTARTED_31BF3856AD364E35_6.1.7600.16385_NONE_DC7256ED0DED6C12\GETTINGSTARTED.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_32\EHEXTHOST32\6.1.0.0__31BF3856AD364E35\EHEXTHOST32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPLAYER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RPC-LOCATOR_31BF3856AD364E35_6.1.7600.16385_NONE_2B2984D40648FBE7\LOCATOR.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.7601.17514_NONE_D18028273214FA77\SEARCHINDEXER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-AUTOPLAY_31BF3856AD364E35_6.1.7601.17514_NONE_7920B60D569A4A1E\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..SOR-NATIVE-WHITEBOX_31BF3856AD364E35_6.1.7601.17514_NONE_FF1B74D24817A82B\RMACTIVATE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NETPLWIZ-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_494BA66D2A12EFC3\NETPLWIZ.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\QAPPSRV.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMPDMC-UX_31BF3856AD364E35_6.1.7601.17514_NONE_4C8976380E00631F\WMPDMC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_D911DF4E81059B22\REPLACE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IPCONFIG_31BF3856AD364E35_6.1.7600.16385_NONE_A82EE2A7319FA8F8\IPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe

"C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"

Network

N/A

Files

memory/2584-0-0x0000000000400000-0x000000000041A000-memory.dmp

memory/2584-3-0x0000000000400000-0x000000000041A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-26 04:09

Reported

2024-10-26 04:11

Platform

win10v2004-20241007-en

Max time kernel

101s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\DXDIAG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EFSUI.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FLTMC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\GPUPDATE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INSTALLSHIELD\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESPERFORMANCE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TIMEOUT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TRACERPT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMD.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FSUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSDT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SCHTASKS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TTTRACER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WERMGR.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WPDSHEXTAUTOPLAY.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NDADMIN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SNDVOL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\APPIDTEL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BACKGROUNDTASKHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHOICE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DPISCALING.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP\IMJPDCT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMETC\IMTCPROP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ISCSICPL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TSTHEME.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UTILMAN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ATTRIB.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMDL32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGEDT32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EXPLORER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\HOSTNAME.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PRESENTATIONHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RELOG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMCLIENT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SEARCHPROTOCOLHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SUBST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINDOWS.MEDIA.BACKGROUNDPLAYBACK.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CREDWIZ.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TCPSVCS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WSMANHTTPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ATBROKER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SDBINST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WHERE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CAMERASETTINGSUIHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EHSTORAUTHN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PCAUI.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BTHUDTASK.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHKNTFS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CLIP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\SHARED\IMEPADSV.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MCBUILDER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETPLWIZ.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETSTAT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SDCHANGE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\W32TM.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGEDIT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ODBCAD32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRTNETMUAHOSTSERVER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BITSADMIN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\F12\IECHOOSER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FONTVIEW.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATECORE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\CHRMSTP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JMAP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PUBS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.53.77.0_X64__KZF8QXF38ZG5C\SKYPEAPP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\NOTIFICATION_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOSREC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MIXEDREALITY.PORTAL_2000.19081.1301.0_X64__8WEKYB3D8BBWE\MIXEDREALITYPORTAL.BROKERED.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PINGSENDER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\BHO\IE_TO_EDGE_STUB.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PDFREFLOW.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.DBCONNECTION.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JAUREG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSFEEDBACKHUB_1.1907.3152.0_X64__8WEKYB3D8BBWE\PILOTSHUBAPP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPSHARE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\UNPACK200.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JP2LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\SSVAGENT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\EXTEXPORT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATEBROKER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATESETUP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\POWERPNT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\WORDICON.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\UNINSTALL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\RMIREGISTRY.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\INTEGRATEDOFFICE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.DESKTOPAPPINSTALLER_1.0.30251.0_X64__8WEKYB3D8BBWE\APPINSTALLERPYTHONREDIRECTOR.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATEONDEMAND.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\APPVCLEANER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSTATD.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTOFFICEHUB_18.1903.1152.0_X64__8WEKYB3D8BBWE\LOCALBRIDGE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WEBPIMAGEEXTENSION_1.0.22753.0_X64__8WEKYB3D8BBWE\CODECPACKS.WEBP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\COOKIE_EXPORTER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROTEXTEXTRACTOR.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER64.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JRUNSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MSPAINT_6.1907.29027.0_X64__8WEKYB3D8BBWE\PAINTSTUDIO.VIEW.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WALLET_2.4.18324.0_X64__8WEKYB3D8BBWE\MICROSOFT.WALLET.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.ZUNEMUSIC_10.19071.19011.0_X64__8WEKYB3D8BBWE\MUSIC.UI.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSADEBUGD.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\NATIVE2ASCII.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\CRASHREPORTER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\SETUP_WM.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SCHEMAGEN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\ELEVATION_SERVICE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\MSEDGE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\MSEDGE_PWA_LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS PHOTO VIEWER\IMAGINGDEVICES.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAR.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JABSWITCH.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\WINDOWS.CBSPREVIEW_CW5N1H2TXYEWY\CAMERABARCODESCANNERPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGASM.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_DATASVCUTIL_B77A5C561934E089_4.0.15805.0_NONE_5B1ADA239E3B0505\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\WSATCONFIG\V4.0_4.0.0.0__B03F5F7F11D50A3A\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.XGPUEJECTDIALOG_CW5N1H2TXYEWY\XGPUEJECTDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\IEEXEC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CASPOL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\NGENTASK.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_HYPERV-COMPUTE-CONT..UTIONSERVICE-SHARED_31BF3856AD364E35_10.0.19041.1_NONE_0BC0F3D4CD7DC8FD\CEXECSVC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\LDR64.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_HYPERV-COMMANDLINE-TOOL_31BF3856AD364E35_10.0.19041.928_NONE_0B17415AE0DD0379\R\HVC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADDINPROCESS_B77A5C561934E089_4.0.15805.0_NONE_74BABA51266F3010\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\COMSVCCONFIG\3.0.0.0__B03F5F7F11D50A3A\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\IMMERSIVECONTROLPANEL\SYSTEMSETTINGS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPRESOLVERUX_CW5N1H2TXYEWY\APPRESOLVERUX.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINHLP32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\CSC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGASM.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LOCKAPP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ASSIGNEDACCESSLOCKAPP_CW5N1H2TXYEWY\ASSIGNEDACCESSLOCKAPP.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.STARTMENUEXPERIENCEHOST_CW5N1H2TXYEWY\STARTMENUEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_HYPERV-COMMANDLINE-TOOL_31BF3856AD364E35_10.0.19041.928_NONE_0B17415AE0DD0379\F\HVC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACRORD32INFO.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\NETFXSBS10.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\CSC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.FILEEXPLORER_CW5N1H2TXYEWY\FILEEXPLORER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\DFSVC\V4.0_4.0.0.0__B03F5F7F11D50A3A\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\PRINTDIALOG\PRINTDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.CREDDIALOGHOST_CW5N1H2TXYEWY\CREDDIALOGHOST.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.CAPTUREPICKER_CW5N1H2TXYEWY\CAPTUREPICKER.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\VBC.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A
File opened for modification C:\WINDOWS\SPLWOW64.EXE C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe

"C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/624-0-0x0000000000400000-0x000000000041A000-memory.dmp

memory/624-2-0x0000000000400000-0x000000000041A000-memory.dmp