Malware Analysis Report

2025-08-05 10:58

Sample ID 241108-21jp7a1lgs
Target 58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea
SHA256 58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea

Threat Level: Shows suspicious behavior

The file 58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea was found to show suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 23:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 23:02

Reported

2024-11-08 23:05

Platform

win7-20241023-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\RMCLIENT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RRINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CIPHER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CMSTP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\COMP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IME\SHARED\IMEPADSV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DISPLAYSWITCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ODBCAD32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\POQEXEC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MIGAUTOPLAY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\NSLOOKUP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\OSK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\TRACERPT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CALC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FIXMAPI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WINVER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MOUNTVOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\NEWDEV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMESC5\IMSCPROP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\KTMUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TCPSVCS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CERTENROLLCTRL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DCOMCNFG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\LABEL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP10\IMJPDADM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\W32TM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MSIEXEC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\ODBCAD32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\RMACTIVATE_SSP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SYSTEMPROPERTIESCOMPUTERNAME.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WOWREG32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PSR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\ISCSICPL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\REAGENTC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WININIT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\VERIFIER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\NTPRINT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\OPTIONALFEATURES.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RDRLEAKDIAG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MOBSYNC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\NETIOUGC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\TASKMGR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WBEM\WINMGMT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MIGWIZ\MIGHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SDCHANGE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MTSTOCOM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WPDSHEXTAUTOPLAY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SYSTEMPROPERTIESPERFORMANCE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\XWIZARD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUDITPOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INFDEFAULTINSTALL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\REGINI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SECEDIT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UNLODCTR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CACLS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MIGWIZ\MIGSETUP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\MSHTA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WSMANHTTPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CERTENROLLCTRL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FORFILES.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\CHROME_PWA_LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MINESWEEPER\MINESWEEPER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\MSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MISC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\UNINSTALL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\NOTIFICATION_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\LIB\VISUALVM\PLATFORM\LIB\NBEXEC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\GROOVE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\PACK200.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\KLIST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\TABTIP32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATECOMREGISTERSHELL64.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\DISABLEDGOOGLEUPDATE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPDMC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SERIALVER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS SIDEBAR\SIDEBAR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\TNAMESERV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\DOWNLOAD\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\CHROME_INSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\SELFCERT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JDB.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACRORD32INFO.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\EULA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\EXTCHECK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\DW\DWTRIG20.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\APPLETVIEWER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATESETUP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\1033\ONELEV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS PHOTO VIEWER\IMAGINGDEVICES.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\KEYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JSADEBUGD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\UNPACK200.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACROTEXTEXTRACTOR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WINMAIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\SERVERTOOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS DEFENDER\MPCMDRUN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\INFOPATH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\DVD MAKER\DVDMAKER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\UNPACK200.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MAHJONG\MAHJONG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\ADOBE AIR APPLICATION INSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\ACCICONS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\NATIVE2ASCII.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\ORBD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAFXPACKAGER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\FREECELL\FREECELL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\ADOBE AIR UPDATER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_REGBROWSERS_B03F5F7F11D50A3A_6.1.7600.16385_NONE_96421D40C0E2903E\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ANYTIME-UPGRADE_31BF3856AD364E35_6.1.7600.16385_NONE_FB591B6CF023ADE3\WINDOWSANYTIMEUPGRADE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-APPID_31BF3856AD364E35_6.1.7601.17514_NONE_B57215BAC8C6D647\APPIDCERTSTORECHECK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-DEVICES-MCXTASK_31BF3856AD364E35_6.1.7600.16385_NONE_B6BC1AAE9D0693C5\MCXTASK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ODEUPDATE-SERVICING_31BF3856AD364E35_6.1.7600.16385_NONE_FF7CF696BFB54620\UCSVC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSAUDITEVTLOG_31BF3856AD364E35_6.1.7600.16385_NONE_23376BF5921E7B63\AUDITPOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..LINE-USER-INTERFACE_31BF3856AD364E35_6.1.7600.16385_NONE_38DC646BF68909F4\CMDKEY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_6.1.7601.17514_NONE_BF4980401574A899\TRACERPT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ALG_31BF3856AD364E35_6.1.7600.16385_NONE_04DE43C774CF8FE3\ALG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BTH-USER_31BF3856AD364E35_6.1.7601.17514_NONE_C33F455AEBCD9DBB\BTHUDTASK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EVENTCREATE_31BF3856AD364E35_6.1.7600.16385_NONE_3157C24B5944E2A3\EVENTCREATE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NFS-CLIENTCMDTOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_AD5854CA0A23343D\UMOUNT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PNPHOTPLUGUI_31BF3856AD364E35_6.1.7600.16385_NONE_44D62330646F757A\DEVICEEJECT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COM-SURROGATE_31BF3856AD364E35_6.1.7600.16385_NONE_A018E05D0D33081D\DLLHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ONWIZARDAPPLICATION_31BF3856AD364E35_6.1.7601.17514_NONE_18A11C58AAF4D08C\MIGWIZ.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OPTIONALTSPS_31BF3856AD364E35_6.1.7600.16385_NONE_3DF12FEBE293CE5D\TCMSETUP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\PUBS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONSOLEHOST_31BF3856AD364E35_6.1.7601.22091_NONE_D2B1C721321AADF8\CONHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DISPDIAG_31BF3856AD364E35_6.1.7600.16385_NONE_A0D95AFC49C833B6\DISPDIAG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ERRORREPORTINGFAULTS_31BF3856AD364E35_6.1.7601.17514_NONE_CE2D22115368DB7A\WERFAULTSECURE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NET1-COMMAND-LINE-TOOL_31BF3856AD364E35_6.1.7601.17514_NONE_E501F8E06B32B48F\NET1.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-FEEDSBS_31BF3856AD364E35_11.2.9600.16428_NONE_DEA50217EFD0356B\MSFEEDSSYNC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..RASTRUCTURECONSUMER_31BF3856AD364E35_6.1.7601.17514_NONE_1202940E4711971E\PLASRV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REMOTEASSISTANCE-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_934D08D31B96D4EE\MSRA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\OISICON.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_INFOCARD_B77A5C561934E089_6.1.7601.17514_NONE_583A8C60C0B305A1\INFOCARD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-I..ETEXPLORER-OPTIONAL_31BF3856AD364E35_8.0.7601.17514_NONE_1196A9003B674A92\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NOTEPADWIN_31BF3856AD364E35_6.1.7600.16385_NONE_9EBEBE8614BE1470\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ROBOCOPY_31BF3856AD364E35_6.1.7601.17514_NONE_252D34F00303C6FA\ROBOCOPY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-F..CLIENT-APPLICATIONS_31BF3856AD364E35_6.1.7601.17514_NONE_D71FB1D63F05EF22\WFS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-FEEDSBS_31BF3856AD364E35_8.0.7601.17514_NONE_752E3BB068638683\MSFEEDSSYNC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..TING-TOOLS-PRINTBRM_31BF3856AD364E35_6.1.7601.17514_NONE_DFE02DE35BF41E0B\PRINTBRMUI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REGISTRY-EDITOR_31BF3856AD364E35_6.1.7600.16385_NONE_5023A70BF589AD3E\REGEDT32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..EXECUTIONPREVENTION_31BF3856AD364E35_6.1.7600.16385_NONE_25D85B4A3E4A7709\SYSTEMPROPERTIESDATAEXECUTIONPREVENTION.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\COMSVCCONFIG\2BD538D545E15452202EF3B41080E2CE\COMSVCCONFIG.NI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-HELP-CLIENT_31BF3856AD364E35_6.1.7600.16385_NONE_C80D81C947C7B794\HELPPANE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RECOVER_31BF3856AD364E35_6.1.7600.16385_NONE_E2083F75CE4C0619\RECOVER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\EHOME\MCXTASK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\EHOME\WTVCONVERTER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSCORSVW.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_WP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DIANTZ_31BF3856AD364E35_6.1.7600.16385_NONE_02BB0612DC529329\DIANTZ.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..AC-SQL-CLICONFG-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_CC12387F7062EB3B\CLICONFG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..ATIBILITY-ASSISTANT_31BF3856AD364E35_6.1.7600.16385_NONE_8FBB77BB3CD808D1\PCALUA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..ION-TELEMETRY-AGENT_31BF3856AD364E35_6.1.7601.17514_NONE_3092574C7D41010B\AITAGENT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RASCONNECTIONMANAGER_31BF3856AD364E35_6.1.7601.17514_NONE_BD4644E077251730\CMDL32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\BFSVC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\EHOME\EHSHELL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\EHOME\LOADMXF.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe

"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"

Network

N/A

Files

memory/3012-0-0x0000000000400000-0x000000000041A000-memory.dmp

memory/3012-3-0x0000000000400000-0x000000000041A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 23:02

Reported

2024-11-08 23:05

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\WBEM\WMIPRVSE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BACKGROUNDTASKHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SETHC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SNDVOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\LABEL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET1.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETIOUGC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REPLACE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE_ISV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMDL32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DDODIAG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DIALER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESPERFORMANCE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PRESENTATIONHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RMACTIVATE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TASKMGR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UNLODCTR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUTOCHK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BOOTCFG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EASEOFACCESSDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MRINFO.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CTFMON.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DISM\DISMHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ESENTUTL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SETX.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WERMGR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRTNETMUAHOSTSERVER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PSR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WRITE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMSTP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DWWIN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MUIUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGINI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SORT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TPMINIT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CERTREQ.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DLLHST3G.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FLTMC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MAKECAB.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MMGASERVER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\OPOSHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PROVLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RASERVER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMPACT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FTP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\SHARED\IMECFMUI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\XCOPY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BYTECODEGENERATOR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FIND.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WSMPROVHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ISCSICPL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NEWDEV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RDRLEAKDIAG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UTILMAN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WWAHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\APPIDTEL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CLEANMGR.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERQUERY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EHSTORAUTHN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSTSC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WOWREG32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUTOFMT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOUC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX86\MICROSOFT SHARED\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX64\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\SQLDUMPER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\KLIST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.LOADER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTSTICKYNOTES_3.6.73.0_X64__8WEKYB3D8BBWE\MICROSOFT.NOTES.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPLAYER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\GRV_ICONS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OSMADMINICON.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\UPDATER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MIXEDREALITY.PORTAL_2000.19081.1301.0_X64__8WEKYB3D8BBWE\MIXEDREALITYPORTAL.BROKERED.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\WORDCONV.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\IDENTITY_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROLAYOUTRECOGNIZER\ACROLAYOUTRECOGNIZER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\PIPANEL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATECORE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOASB.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-040C-1000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.GETSTARTED_8.2.22942.0_X64__8WEKYB3D8BBWE\FMUI\FMUI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXIDENTITYPROVIDER_12.50.6001.0_X64__8WEKYB3D8BBWE\XBOXIDP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\CHRMSTP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\EXTEXPORT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\VIDEOLAN\VLC\VLC-CACHE-GEN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\LOGTRANSPORT2.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATEONDEMAND.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOIA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\WORDICON.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.ZUNEVIDEO_10.19071.19011.0_X64__8WEKYB3D8BBWE\VIDEO.UI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\APPVSHNOTIFY.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OSMCLIENTICON.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\CRASHREPORTER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.549981C3F5F10_1.1911.21713.0_X64__8WEKYB3D8BBWE\CORTANA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\INSTALLER\SETUP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVAW.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATECORE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\CHROME_PWA_LAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\KINIT.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\WOW_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JAUREG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\GRAPH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGECOMREGISTERSHELLARM64.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWS.PHOTOS_2019.19071.12548.0_X64__8WEKYB3D8BBWE\MICROSOFT.PHOTOS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCAMERA_2018.826.98.0_X64__8WEKYB3D8BBWE\WINDOWSCAMERA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\CLIENT\APPVDLLSURROGATE32.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\DW20.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.BIOENROLLMENT_CW5N1H2TXYEWY\BIOENROLLMENTHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ADELRCP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CSC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CASPOL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGASM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WPF\XAMLVIEWER\XAMLVIEWER_V0300.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\VBC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\EDMGEN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.CREDDIALOGHOST_CW5N1H2TXYEWY\CREDDIALOGHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPREP.CHXAPP_CW5N1H2TXYEWY\CHXSMARTSCREEN.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4BITMAPIBROKER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.XGPUEJECTDIALOG_CW5N1H2TXYEWY\XGPUEJECTDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\COMSVCCONFIG\3.0.0.0__B03F5F7F11D50A3A\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CVTRES.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\JSC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CVTRES.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\VBC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGSQL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\VBC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EULA.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_32\MSBUILD\V4.0_4.0.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ADOBECOLLABSYNC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CSC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_COMPILER_B03F5F7F11D50A3A_4.0.15805.0_NONE_73CC8B3E43BA1056\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_32\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\BITLOCKERDISCOVERYVOLUMECONTENTS\BITLOCKERTOGO.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.XBOXGAMECALLABLEUI_CW5N1H2TXYEWY\XBOX.TCUI.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\HH.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\NETFXSBS10.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_REGBROWSERS_B03F5F7F11D50A3A_4.0.15805.0_NONE_646D7347043BE71C\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\JSC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\CSC.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\PRINTDIALOG\PRINTDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.SEARCH_CW5N1H2TXYEWY\SEARCHAPP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\SMSVCHOST\V4.0_4.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_WP.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPRESOLVERUX_CW5N1H2TXYEWY\APPRESOLVERUX.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe

"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 27.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/1836-0-0x0000000000400000-0x000000000041A000-memory.dmp

memory/1836-2-0x0000000000400000-0x000000000041A000-memory.dmp