Malware Analysis Report

2025-08-06 01:42

Sample ID 241108-1xsy1stkgk
Target 424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7
SHA256 424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7
Tags
discovery spyware stealer
Score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
7/10

SHA256

424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7

Threat Level: Shows suspicious behavior

The file 424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7 was found to show suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 22:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 22:02

Reported

2024-11-08 22:04

Platform

win7-20240903-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\IEUNATT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSHTA.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TAKEOWN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WRITE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\PRINT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CERTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRSHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\XCOPY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CMMON32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CTTUNESVR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\FIXMAPI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SRDELAYED.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WINRS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\FLTMC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMEJP10\IMJPMGR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MIGWIZ\POSTMIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMEJP10\IMJPDSVR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\BTH.INF_AMD64_NEUTRAL_E54666F6A3E5AF91\FSQUIRT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP10\IMJPPDMG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\NDADMIN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\TIMEOUT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DISM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MOUNTVOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\USERINIT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DPAPIMIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DVDUPGRD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\TASKENG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MIGWIZ\MIGSETUP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WBEM\WMIADAP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WECUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WSMANHTTPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETPLWIZ.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REAGENTC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\VERCLSID.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\COM\MIGREGDB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\PATHPING.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DCOMCNFG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DEVICEPAIRINGWIZARD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\BRMFCMF.INF_AMD64_NEUTRAL_67B5984F8E8FF717\BRMFRSMG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSKEY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DPNSVR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\RMACTIVATE_ISV.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SORT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\LOCATIONNOTIFICATIONS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MSPAINT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\NTKRNLPA.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\OSK.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\RUNLEGACYCPLELEVATED.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FIXMAPI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FORFILES.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE_ISV.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WAITFOR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\GPUPDATE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL_ISE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CLICONFG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\GPRESULT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ICACLS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSIEXEC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CACLS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DCOMCNFG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\PERFMON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\RESMON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVACPL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\WORDPAD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPSHARE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSTORE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JSTATD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\JP2LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS JOURNAL\JOURNAL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSQRY32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\TNAMESERV.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\MAINTENANCESERVICE_INSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\DISABLEDGOOGLEUPDATE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAFXPACKAGER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\HEARTS\HEARTS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VSTA\8.0\X86\VSTA_EP32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\WSIMPORT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MULTIPLAYER\SPADES\SHVLZM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SERVERTOOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\KLIST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MAIL\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\7-ZIP\7Z.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\INKWATSON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JDB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\KEYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULT-BROWSER-AGENT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\BCSSYNC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\MSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\SHAPECOLLECTOR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\INSTALLER\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MAIL\WINMAIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATESETUP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\7-ZIP\7ZG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\DVD MAKER\DVDMAKER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\VIDEOLAN\VLC\VLC-CACHE-GEN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\SETLANG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SCHEMAGEN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JP2LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\SSVAGENT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IELOWUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\OIS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\NOTIFICATION_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\APPLETVIEWER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\KEYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\ORBD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAW.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MULTIPLAYER\BACKGAMMON\BCKGZM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\SSVAGENT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\MAINTENANCESERVICE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\DW\DWTRIG20.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\FLICKLEARNINGWIZARD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WFSERVICESREG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-GC-REGISTERIEPKEYS_31BF3856AD364E35_8.0.7601.17514_NONE_A0C922C3B170DD5D\REGISTERIEPKEYS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-INFDEFAULTINSTALL_31BF3856AD364E35_6.1.7600.16385_NONE_C8897566B5C070A0\INFDEFAULTINSTALL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CVTRES.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..TING-TOOLS-PRINTBRM_31BF3856AD364E35_6.1.7601.17514_NONE_DFE02DE35BF41E0B\PRINTBRMUI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WAB-APP_31BF3856AD364E35_6.1.7601.17514_NONE_A0CF62EFEE3228A3\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_SUBSYSTEM-FOR-UNIX-BASED-APPLICATIONS_31BF3856AD364E35_6.1.7601.17514_NONE_D20E5D35068F261A\PSXSS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MSBUILD\AF28543D9B3E7D9F110448ECCE53CD72\MSBUILD.NI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\CHGUSR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TIMEOUT_31BF3856AD364E35_6.1.7600.16385_NONE_E8595E67DFF5B7F4\TIMEOUT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SERVICING\GC64\TZUPD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CHOICE_31BF3856AD364E35_6.1.7601.17514_NONE_218CF07BA262766C\CHOICE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-SETUP-SUPPORT_31BF3856AD364E35_8.0.7601.17514_NONE_3EB101CAEC1ACC2C\IE4UINIT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ONWIZARDAPPLICATION_31BF3856AD364E35_6.1.7601.17514_NONE_18A11C58AAF4D08C\MIGSETUP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..TING-LPRPORTMONITOR_31BF3856AD364E35_6.1.7601.17514_NONE_1229A6F0546E2346\LPR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856AD364E35_6.1.7601.17514_NONE_678566B7DDEA04A5\POQEXEC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..CATIONNOTIFICATIONS_31BF3856AD364E35_6.1.7600.16385_NONE_737951AB23CF8EA0\LOCATIONNOTIFICATIONS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NFS-CLIENTCORE_31BF3856AD364E35_6.1.7601.17514_NONE_0B0882245933A065\NFSCLNT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..PLAYER-SHELLPREVIEW_31BF3856AD364E35_6.1.7600.16385_NONE_1C92C4D88CE86757\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_INFOCARD_B77A5C561934E089_6.1.7601.17514_NONE_583A8C60C0B305A1\INFOCARD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IEETWCOLLECTOR_31BF3856AD364E35_11.2.9600.16428_NONE_A56DA9E617D4F97E\IEETWCOLLECTOR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ISCSI_INITIATOR_UI_31BF3856AD364E35_6.1.7600.16385_NONE_33E01C5875C2E5CB\ISCSICPL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..G-XPSDOCUMENTWRITER_31BF3856AD364E35_6.1.7601.17514_NONE_80FEA45979A5D3F2\MXDWGC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SCRIPTING_31BF3856AD364E35_6.1.7600.16385_NONE_A45D44BD1A0AF822\WSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DEPLOYMENT_31BF3856AD364E35_6.1.7600.16385_NONE_57E3E87206FF08CA\SETUPUGC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-F..TEMCOMPAREUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_5CBB962A4F0D58C1\FC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TABLETPC-CONTROLPANEL_31BF3856AD364E35_6.1.7601.17514_NONE_3D9977977190CDC4\MULTIDIGIMON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX-CLRGC_B03F5F7F11D50A3A_6.1.7601.17514_NONE_AD7A390FA131C970\CLRGC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\EHOME\EHSCHED.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FORFILES_31BF3856AD364E35_6.1.7600.16385_NONE_B1186146F739D0F1\FORFILES.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..OPERTIESPERFORMANCE_31BF3856AD364E35_6.1.7600.16385_NONE_B6CB9ED71C8B43D5\SYSTEMPROPERTIESPERFORMANCE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONSOLEHOST_31BF3856AD364E35_6.1.7601.17932_NONE_D26A33EC18CB49C4\CONHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RUNONCE_31BF3856AD364E35_6.1.7601.17514_NONE_73E0DA0BD5A77C41\RUNONCE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CSC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_6.1.7601.17514_NONE_BF4980401574A899\TRACERPT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..UNTERINFRASTRUCTURE_31BF3856AD364E35_6.1.7600.16385_NONE_CD7AEEFF1897D018\LODCTR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TELNET-SERVER_31BF3856AD364E35_6.1.7600.16385_NONE_EEFCCE9868C6D4B7\TLNTADMN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SERVICEMODELREG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-D..X-DIRECTXDIAGNOSTIC_31BF3856AD364E35_6.1.7601.17514_NONE_81E99DA174638311\DXDIAG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURITY-SYSKEY_31BF3856AD364E35_6.1.7600.16385_NONE_74578A893F33207C\SYSKEY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_WCF-SMSVCHOST_B03F5F7F11D50A3A_6.1.7600.16385_NONE_C7F13AF70AC77B22\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-DEVICES-MCX2PROV_31BF3856AD364E35_6.1.7600.16385_NONE_3482237B32C1DAFF\MCX2PROV.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-INTERNETEXPLORER_31BF3856AD364E35_11.2.9600.16428_NONE_11B913172F0CB26F\IEUNATT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_D911DF4E81059B22\DOSKEY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_64\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-MANAGEMENTCONSOLE_31BF3856AD364E35_6.1.7600.16385_NONE_E3C88F07D4C88269\INETMGR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MAIL-APP_31BF3856AD364E35_6.1.7601.17514_NONE_4F7E32F76654BD3C\WINMAIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WPD-SHELLEXTENSION_31BF3856AD364E35_6.1.7601.17514_NONE_6F4EF219DD693CA6\WPDSHEXTAUTOPLAY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\SMSVCHOST\3.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CASPOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..BOXGAMES-BACKGAMMON_31BF3856AD364E35_6.1.7600.16385_NONE_668D031845881638\BCKGZM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DIRECTSHOW-DVDPLAY_31BF3856AD364E35_6.1.7600.16385_NONE_5DA314D233BB2676\DVDPLAY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SHAREDACCESS_31BF3856AD364E35_6.1.7600.16385_NONE_60C2504D62FD4F0E\ICSUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-B..VIRONMENT-OS-LOADER_31BF3856AD364E35_6.1.7601.17514_NONE_B94CBFA183466A89\WINLOAD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe

"C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 22:02

Reported

2024-11-08 22:04

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\COM\MIGREGDB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\SHARED\IMECFMUI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MAKECAB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE_SSP_ISV.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESCOMPUTERNAME.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\THUMBNAILEXTRACTIONHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TSTHEME.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BYTECODEGENERATOR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMSTP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\HELP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSTSC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ROUTE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRSHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PKGMGR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SORT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESHARDWARE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DPLAYSVR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EXPAND.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\F12\IECHOOSER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IEXPRESS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MTSTOCOM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TAPIUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TZUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WSMPROVHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SECINIT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\USERINIT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WHOAMI.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DLLHST3G.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IEUNATT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETPLWIZ.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RDPSAPROXY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WWAHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CIPHER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ICSUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ONEDRIVESETUP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RUNONCE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TSWPFWRP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BTHUDTASK.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMDL32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TTDINJECT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UNREGMP2.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TAR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TASKKILL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TIMEOUT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COLORCPL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CONTROL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ESENTUTL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETCFGNOTIFYOBJECTHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ROBOCOPY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WEVTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NSLOOKUP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL_ISE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WPDSHEXTAUTOPLAY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BACKGROUNDTRANSFERHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FTP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\HH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INSTALLSHIELD\_ISDEL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MAVINJECT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETIOUGC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WUSA.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EUDCEDIT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXGAMINGOVERLAY_2.34.28001.0_X64__8WEKYB3D8BBWE\GAMEBAR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ARH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\PWAHELPER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVACPL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.SHOWHELP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE16\OSPPREARM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OSMCLIENTICON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\VIDEOLAN\VLC\VLC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\MICROSOFTEDGEUPDATE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JP2LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\OFFICE16\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PJ11ICON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWS.PHOTOS_2019.19071.12548.0_X64__8WEKYB3D8BBWE\MICROSOFT.PHOTOS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\POLICYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\GRV_ICONS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.STOREPURCHASEAPP_11811.1001.18.0_X64__8WEKYB3D8BBWE\STOREEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\MIP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.YOURPHONE_0.19051.7.0_X64__8WEKYB3D8BBWE\YOURPHONE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WAB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCONSOLE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\JOTICON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\CRASHREPORTER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.OFFICE.ONENOTE_16001.12026.20112.0_X64__8WEKYB3D8BBWE\ONENOTESHARE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\READER_SL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH\JAVA.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCMD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SETLANG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\FILECOMPARE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\BHO\IE_TO_EDGE_STUB.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\IDENTITY_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROBROKER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\IEINSTAL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAPACKAGER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JJS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGECOMREGISTERSHELLARM64.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\SPREADSHEETCOMPARE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFT3DVIEWER_6.1908.2042.0_X64__8WEKYB3D8BBWE\3DVIEWER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_4.4.8204.0_X64__8WEKYB3D8BBWE\SOLITAIRE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MSPAINT_6.1907.29027.0_X64__8WEKYB3D8BBWE\PAINTSTUDIO.VIEW.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIREGISTRY.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\SSVAGENT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.NETFX45.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSMAPS_5.1906.1972.0_X64__8WEKYB3D8BBWE\MAPS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATECORE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE16\LICLUA.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAFXPACKAGER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JHAT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG_CW5N1H2TXYEWY\ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADDINPROCESS_B77A5C561934E089_4.0.15805.0_NONE_74BABA51266F3010\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\JSC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_HYPERV-COMPUTE-GUESTCOMPUTESERVICE_31BF3856AD364E35_10.0.19041.1202_NONE_024525BDC81DF50D\VMCOMPUTEAGENT.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SERVICEMODELREG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACRORD32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_32\MSBUILD\V4.0_4.0.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.ASYNCTEXTSERVICE_8WEKYB3D8BBWE\MICROSOFT.ASYNCTEXTSERVICE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_EDMGEN_B77A5C561934E089_4.0.15805.0_NONE_AE80A3049486A75F\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\DFSVC\2.0.0.0__B03F5F7F11D50A3A\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CASPOL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_REGBROWSERS_B03F5F7F11D50A3A_10.0.19041.1_NONE_82A36C559596820A\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_HYPERV-COMMANDLINE-TOOL_31BF3856AD364E35_10.0.19041.928_NONE_0B17415AE0DD0379\F\HVC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_WP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSMON.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\WINDOWS.CBSPREVIEW_CW5N1H2TXYEWY\CAMERABARCODESCANNERPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CSC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\JSC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.AAD.BROKERPLUGIN_CW5N1H2TXYEWY\MICROSOFT.AAD.BROKERPLUGIN.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_COMPILER_B03F5F7F11D50A3A_10.0.19041.1_NONE_9202844CD514AB44\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\VBC.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_BSDTAR_31BF3856AD364E35_10.0.19041.1_NONE_0C1F19C50B5E5F6E\TAR.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\RDRSERVICESUPDATER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGSQL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WFSERVICESREG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\INPUTAPP\TEXTINPUTHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\SMSVCHOST\3.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\NCSIUWPAPP_8WEKYB3D8BBWE\NCSIUWPAPP.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_INSTALLUTIL_B03F5F7F11D50A3A_4.0.15805.0_NONE_D67D06EF0C4A2E1C\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe N/A
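The two "Drops file" tables and the language-discovery row above share one four-column layout (Description, Indicator, Process, Target), and almost every file row is a "File opened for modification" against an executable that already exists on the analysis image, spread across SysWOW64, Program Files and the Windows tree. The following Python is an added example, not code from the sandbox or from this report: it parses rows in that layout, buckets each modified executable by location, and summarises per process. The `mass-exe-modification` label and its 20-file threshold are heuristics chosen here, not sandbox signatures; T1614.001 is the ATT&CK technique ID for System Language Discovery, which is what the `NLS\Language` key read corresponds to. The embedded rows are copied from this report but are only a sample of it.

```python
"""Summarise sandbox signature rows (Description Indicator Process Target)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Process path of the analysed sample, copied from the report.
SAMPLE_PROCESS = (r"C:\Users\Admin\AppData\Local\Temp"
                  r"\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe")

# Constructed input: eight rows copied from the report's signature tables.
# The report itself contains more than eighty such rows.
SAMPLE_ROWS = "\n".join(
    f"{desc} {indicator} {SAMPLE_PROCESS} N/A"
    for desc, indicator in [
        ("File opened for modification", r"C:\WINDOWS\SysWOW64\MSHTA.EXE"),
        ("File opened for modification", r"C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE"),
        ("File opened for modification", r"C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIC.EXE"),
        ("File opened for modification",
         r"C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATECORE.EXE"),
        ("File opened for modification", r"C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE"),
        ("File opened for modification", r"C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE"),
        ("File opened for modification", r"C:\WINDOWS\SYSMON.EXE"),
        ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ]
)

ROW_RE = re.compile(r"^(?P<desc>File opened for modification|Key opened) (?P<rest>.+)$")


def parse_row(line):
    """Split one row into its four columns; return None for anything else.

    The indicator may contain spaces, but the process path and the target
    column never do in this report, so the last two tokens are split off.
    """
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("rest").rsplit(" ", 2)
    if len(parts) != 3:
        return None
    indicator, process, target = parts
    return {"description": m.group("desc"), "indicator": indicator,
            "process": process, "target": target}


def parse_rows(text):
    return [r for r in (parse_row(l) for l in text.splitlines()) if r]


def location(path):
    """Bucket a target path the way the report's signatures do."""
    parts = [p.upper() for p in PureWindowsPath(path).parts]
    if len(parts) < 2:
        return "other"
    if parts[1] == "WINDOWS":
        if len(parts) > 2 and parts[2] in ("SYSTEM32", "SYSWOW64"):
            return "system32"
        return "windows"
    if parts[1].startswith("PROGRAM FILES"):
        return "program files"
    return "other"


def summarize(rows, threshold=20):
    """Per process: distinct .exe files opened for modification, where they
    live, and which flags apply.  'mass-exe-modification' is a heuristic
    chosen here (not a sandbox signature): at least `threshold` distinct
    executables across two or more of the buckets above.  T1614.001 is the
    ATT&CK ID for System Language Discovery (the NLS\\Language key read)."""
    state = defaultdict(lambda: {"exes": set(), "locs": set(), "flags": set()})
    for r in rows:
        s = state[r["process"]]
        if r["description"] == "File opened for modification":
            if r["indicator"].upper().endswith(".EXE"):
                s["exes"].add(r["indicator"].upper())
                s["locs"].add(location(r["indicator"]))
        elif (r["description"] == "Key opened"
              and r["indicator"].upper().endswith(r"\NLS\LANGUAGE")):
            s["flags"].add("T1614.001")
    out = {}
    for proc, s in state.items():
        flags = set(s["flags"])
        if len(s["exes"]) >= threshold and len(s["locs"]) >= 2:
            flags.add("mass-exe-modification")
        out[proc] = {"exe_count": len(s["exes"]), "locations": sorted(s["locs"]),
                     "flags": sorted(flags)}
    return out


if __name__ == "__main__":
    # Threshold lowered because only eight rows are embedded; with the full
    # report the default of 20 is exceeded many times over.
    for proc, info in summarize(parse_rows(SAMPLE_ROWS), threshold=5).items():
        print(proc.rsplit("\\", 1)[-1], info)
```

Opening dozens of existing executables for write access, rather than creating new files, is the pattern to look for when deciding whether the "Drops file" signatures actually reflect a dropper or something that rewrites installed binaries; the report only records the open, so confirming what was written needs the post-detonation files or a hash comparison against a clean image.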

Processes

C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe

"C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
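Every row in the Network table is a PTR (reverse) lookup sent to 8.8.8.8 over UDP/53; the names are IPv4 addresses written octet-reversed under in-addr.arpa, so reading them requires turning them back into addresses. The following Python is an added example, not part of the report: it parses rows in the table's four-column layout (Country, Destination, Domain, Proto), recovers the queried IP from each in-addr.arpa or ip6.arpa name, and summarises resolvers, recovered targets and any forward lookups. The embedded rows are copied from this report; the IPv6 handling goes beyond what the table needs and is included for generality.

```python
"""Recover the IPs behind the PTR queries in a sandbox Network table."""
import ipaddress
from collections import Counter

# Constructed input: six rows copied from this report's Network table.
NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
"""


def reverse_ptr_name(name):
    """Return the IP address a PTR query name refers to, or None if the
    name is not a well-formed in-addr.arpa / ip6.arpa name."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            return None
        try:
            return ipaddress.ip_address(".".join(reversed(labels)))
        except ValueError:
            return None
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            return None
        hexstr = "".join(reversed(nibbles))
        try:
            return ipaddress.ip_address(
                ":".join(hexstr[i:i + 4] for i in range(0, 32, 4)))
        except ValueError:
            return None
    return None


def parse_network_rows(text):
    """Parse 'Country Destination Domain Proto' rows; skip anything else."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        resolver, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"country": country, "resolver": resolver,
                     "port": int(port), "domain": domain, "proto": proto})
    return rows


def summarize_network(rows):
    resolvers = Counter()
    targets, forward = [], []
    for r in rows:
        resolvers[(r["resolver"], r["port"], r["proto"])] += 1
        ip = reverse_ptr_name(r["domain"])
        if ip is None:
            forward.append(r["domain"])      # an A/AAAA-style name, not a PTR
        else:
            targets.append(ip)
    return {
        "resolvers": dict(resolvers),
        "ptr_targets": [str(ip) for ip in targets],
        "public_ptr_targets": [str(ip) for ip in targets if ip.is_global],
        "forward_lookups": forward,
    }


if __name__ == "__main__":
    for key, value in summarize_network(parse_network_rows(NETWORK_ROWS)).items():
        print(key, value)
```

The recovered addresses are the thing to pivot on, but note the caveat: the table attributes none of these queries to the sample's process, and there is no forward (A/AAAA) lookup anywhere in it, so these rows alone do not establish command-and-control. Reverse-lookup chatter against the sandbox resolver is frequently produced by the guest OS or analysis tooling rather than the sample; check for a process attribution or a matching outbound connection before treating any of them as an indicator.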

Files

N/A