Malware Analysis Report

2025-08-05 23:33

Sample ID 250119-xt4dssskcp
Target 5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe
SHA256 5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530

Threat Level: Shows suspicious behavior

The file 5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-19 19:09

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-19 19:09

Reported

2025-01-19 19:11

Platform

win7-20240903-en

Max time kernel

26s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\WINDOWS\SysWOW64\FTP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\NET.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\MIGWIZ\MIGWIZ.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\RMCLIENT.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\SDCHANGE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\ISOBURN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\DFRGUI.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\INSTALLSHIELD\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\REGSVR32.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\WEVTUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\VERCLSID.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\XPSRCHVW.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\NOTEPAD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\RMACTIVATE_SSP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\WECUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\CHKDSK.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\IEXPRESS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\RASAUTOU.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\UTILMAN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\WHOAMI.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\MSRA.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\DNSCACHEUGC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\LABEL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\PING.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\REGSVR32.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\SNDVOL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\DIALER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\DWWIN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\TIMEOUT.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\TSWPFWRP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\ATBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\HELP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\ISCSICLI.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\OPTIONALFEATURES.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\REPLACE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\DIVACX64.INF_AMD64_NEUTRAL_FA0F82F024789743\DITRACE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\EHSTORAUTHN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\GETMAC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\RMACTIVATE_SSP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\FINDSTR.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\ODBCCONF.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\USER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\DVDPLAY.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\MOUNTVOL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\SDBINST.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\WUAPP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\CMMON32.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\IME\IMEJP10\IMJPDCT.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\INSTNM.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\OSK.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\SYSTEMPROPERTIESHARDWARE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\TRACERT.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\AUTOCONV.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\SETIEINSTALLEDDATE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\GPSCRIPT.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\MOBSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\POWERCFG.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\WAITFOR.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\WHERE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\CALC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\CHKNTFS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\LOGMAN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SysWOW64\RMACTIVATE_SSP_ISV.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\SYSWOW64\FINGER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\PROGRAM FILES\JAVA\JRE7\BIN\UNPACK200.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\UPDATER6\ADOBE_UPDATER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATESETUP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\GRAPH.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\IDLJ.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\KTAB.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\EXCELCNV.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JRE7\BIN\TNAMESERV.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACROTEXTEXTRACTOR.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\POWERPNT.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT GAMES\SPIDERSOLITAIRE\SPIDERSOLITAIRE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPSIDESHOWGADGET.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\BCSSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\IECONTENTSERVICE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SERIALVER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\ORBD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JRE7\BIN\ORBD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\WINDOWS MAIL\WINMAIL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\SCANPST.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\SETUP_WM.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\7-ZIP\UNINSTALL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\OFFICE SETUP CONTROLLER\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MISC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAW.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\VIDEOLAN\VLC\UNINSTALL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\DOWNLOAD\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\CHROME_INSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLECRASHHANDLER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\VSTOINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\UNPACK200.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\MSOHTMED.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\WINDOWS MAIL\WAB.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAH.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT GAMES\CHESS\CHESS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\MAINTENANCESERVICE_INSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\INTERNET EXPLORER\IEINSTAL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVAWS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\VIDEOLAN\VLC\VLC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\GROOVEMN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\INKWATSON.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\POLICYTOOL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\TNAMESERV.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\ADOBE AIR APPLICATION INSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\INSTALLER\CHRMSTP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAWS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\WINDOWS DEFENDER\MPCMDRUN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS PHOTO VIEWER\IMAGINGDEVICES.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\KLIST.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SERVERTOOL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JARSIGNER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\ORBD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\RMIC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\STOPOPEN.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\PACK200.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\MICROSOFT GAMES\MAHJONG\MAHJONG.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\ADOBE AIR UPDATER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPSHARE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JSTACK.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..RESENTATIONSETTINGS_31BF3856AD364E35_6.1.7601.17514_NONE_CB4D60191A09A7B0\PRESENTATIONSETTINGS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..OPERTIESPERFORMANCE_31BF3856AD364E35_6.1.7600.16385_NONE_B6CB9ED71C8B43D5\SYSTEMPROPERTIESPERFORMANCE.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MAGNIFY_31BF3856AD364E35_6.1.7600.16385_NONE_CA22C913B260E66A\MAGNIFY.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REMOTEASSISTANCE-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_934D08D31B96D4EE\MSRA.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICEPACKCOORDINATOR_31BF3856AD364E35_6.1.7601.17514_NONE_92E727843E307E1B\SPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-CLR_ILASM_EXE_B03F5F7F11D50A3A_6.1.7601.17514_NONE_8FBF4B0735F59A32\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_SECURITY-MALWARE-WINDOWS-DEFENDER_31BF3856AD364E35_6.1.7601.17514_NONE_B5E2B6396ECEA306\MSASCUI.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COM-DTC-RUNTIME_31BF3856AD364E35_6.1.7600.16385_NONE_7547F48C79B40229\MSDTC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-D..ING-MANAGEMENT-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_895A2B74415EA575\DISMHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\PRESENTATIONFONTCAC#\0246845F487E5F33D3564EFF578665A3\PRESENTATIONFONTCACHE.NI.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONTROL_31BF3856AD364E35_6.1.7600.16385_NONE_F560EAE4C42EDB14\CONTROL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DXP-DEVICEEXPERIENCE_31BF3856AD364E35_6.1.7601.17514_NONE_A54B31331066C8E2\DXPSERVER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EUDC-SETTINGS_31BF3856AD364E35_6.1.7601.17514_NONE_B84DC938EED78546\EUDCSETTINGS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMI-SNMP-PROVIDER_31BF3856AD364E35_6.1.7601.17514_NONE_08E183F8DD5F48B7\SMI2SMIR.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\DFSVC\261C09179EAE03D67C9B6F3E70B603BD\DFSVC.NI.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COM-COMPLUS-UI_31BF3856AD364E35_6.1.7600.16385_NONE_0C9CB55C61E99805\DCOMCNFG.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RASCONNECTIONMANAGER_31BF3856AD364E35_6.1.7601.17514_NONE_BD4644E077251730\CMSTP.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SHAREDACCESS_31BF3856AD364E35_6.1.7600.16385_NONE_60C2504D62FD4F0E\ICSUNATTEND.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MSBUILD_B03F5F7F11D50A3A_6.1.7601.17514_NONE_0DE23DAF595F5711\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-APPLAUNCH_EXE_B03F5F7F11D50A3A_6.1.7601.17514_NONE_51E5E402131AFC4A\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LEGACYHWUI_31BF3856AD364E35_6.1.7600.16385_NONE_3E69140A61F1EFF5\HDWWIZ.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..LICATIONS-CLIENTSKU_31BF3856AD364E35_6.1.7601.17514_NONE_7D0125C85CC31D2A\RDPSHELL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.7601.17514_NONE_D18028273214FA77\SEARCHFILTERHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WAB-APP_31BF3856AD364E35_6.1.7601.17514_NONE_A0CF62EFEE3228A3\WAB.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\NOTEPAD.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TELNET-SERVER-TLNTSVR_31BF3856AD364E35_6.1.7600.16385_NONE_1AB997FB0A83AFDD\TLNTSVR.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICEPACKCOORDINATOR_31BF3856AD364E35_6.1.7601.17514_NONE_92E727843E307E1B\SPINSTALL.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-LDR64_EXE_31BF3856AD364E35_6.1.7600.16385_NONE_F98E4869675AB367\LDR64.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-HTMLAPPLICATION_31BF3856AD364E35_11.2.9600.16428_NONE_3BB1024F1E6BC086\MSHTA.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe | N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IELOWUTIL_31BF3856AD364E35_11.2.9600.16428_NONE_E8CD1F348648EBD1\IELOWUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_64\MICROSOFT.W71DAF281#\5ADA68CFA2258A2D4E3C3779106FAF9B\MICROSOFT.WORKFLOW.COMPILER.NI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NG-SPOOLER-SPLWOW64_31BF3856AD364E35_6.1.7601.17514_NONE_25D05769A8973724\SPLWOW64.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\COMSVCCONFIG\D632B7434F821829827657E23AC98589\COMSVCCONFIG.NI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..OXGAMES-MINESWEEPER_31BF3856AD364E35_6.1.7600.16385_NONE_FE560F0352E04F48\MINESWEEPER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-UTILMAN_31BF3856AD364E35_6.1.7600.16385_NONE_5E9EA1964AEE5579\UTILMAN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\NARRATOR\0BAE62C3FC6C327ED24989263988173D\NARRATOR.NI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CALC_31BF3856AD364E35_6.1.7600.16385_NONE_05B2F2E2346CFEA4\CALC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IEDIAG_31BF3856AD364E35_11.2.9600.16428_NONE_F937400AA65F97CC\IEDIAGCMD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NOTEPADWIN_31BF3856AD364E35_6.1.7600.16385_NONE_9EBEBE8614BE1470\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\RESET.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\OUTICON.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CASPOL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DPAPI-KEYS_31BF3856AD364E35_6.1.7600.16385_NONE_D9C7C4A2E721DA7E\DPAPIMIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-EHTRAY_31BF3856AD364E35_6.1.7601.17514_NONE_88FF132E83A8A275\EHTRAY.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LABEL_31BF3856AD364E35_6.1.7600.16385_NONE_B323FD6EE3F98653\LABEL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMI-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_177A088436382A34\WMIADAP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-DEVICES-MCXTASK_31BF3856AD364E35_6.1.7600.16385_NONE_B6BC1AAE9D0693C5\MCXTASK.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-EHMSAS_31BF3856AD364E35_6.1.7600.16385_NONE_8707C620868FDF75\EHMSAS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ISOBURN_31BF3856AD364E35_6.1.7601.17514_NONE_4458AC8EAFDACBDD\ISOBURN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_DIVACX64.INF_31BF3856AD364E35_6.1.7600.16385_NONE_CF37CC4C5BC25DC7\XLOG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_D911DF4E81059B22\DOSKEY.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PING-UTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_052696AEA98BCEFC\PING.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe

"C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-19 19:09

Reported

2025-01-19 19:11

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\MSDT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SCHTASKS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SEARCHFILTERHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RASERVER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\XCOPY.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHOICE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CURL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RELOG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WBEM\WMIC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RPCPING.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMUWPLAUNCHER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EVENTVWR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INPUTSWITCHTOASTHANDLER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\LOGAGENT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ODBCCONF.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PRINT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TRACERPT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DWWIN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ESENTUTL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TASKMGR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DOSKEY.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\POQEXEC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PSR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESPERFORMANCE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\W32TM.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHECKNETISOLATION.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FONTDRVHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RASDIAL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WHOAMI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\XWIZARD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DPAPIMIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WWAHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WIAACMGR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DCOMCNFG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EUDCEDIT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MAKECAB.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RUNAS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SHUTDOWN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DPISCALING.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\PCAUI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SECEDIT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TRACERT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NEWDEV.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGINI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CAMERASETTINGSUIHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHKNTFS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DIALER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DISKPART.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\GPUPDATE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NET1.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WRITE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CMD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\NETPLWIZ.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SETX.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TPMTOOL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\FIXMAPI.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SETHC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESPROTECTION.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TYPEPERF.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JAUREG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\IDENTITY_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\ORBD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\CLIENT\APPVLP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-0C0A-1000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.DESKTOPAPPINSTALLER_1.0.30251.0_X64__8WEKYB3D8BBWE\APPINSTALLERELEVATEDAPPSERVICECLIENT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\APPLETVIEWER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\SMART TAG\SMARTTAGINSTALL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX86\MICROSOFT SHARED\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OHUB32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWS.PHOTOS_2019.19071.12548.0_X64__8WEKYB3D8BBWE\MICROSOFT.PHOTOS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSMAPS_5.1906.1972.0_X64__8WEKYB3D8BBWE\MAPS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACRORD32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATEBROKER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE16\LICLUA.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVA.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\FILECOMPARE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MAIL\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.GETHELP_10.1706.13331.0_X64__8WEKYB3D8BBWE\GETHELP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PJ11ICON.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_4.4.8204.0_X64__8WEKYB3D8BBWE\SOLITAIRE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\DOTNET\DOTNET.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\IELOWUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCMD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\NATIVE2ASCII.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MISC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\APPVCLEANER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SDXHELPER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.DBCONNECTION64.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\DOTNET\SHARED\MICROSOFT.NETCORE.APP\6.0.27\CREATEDUMP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSADEBUGD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SERIALVER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PDFREFLOW.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SCHEMAGEN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\XJC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\OFFICEAPPGUARDWIN32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOX.TCUI_1.23.28002.0_X64__8WEKYB3D8BBWE\TCUI-APP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER64.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\NOTIFICATION_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\IDLJ.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\UNPACK200.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\VISICON.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-0409-1000-0000000FF1CE}\MISC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.OFFICE.ONENOTE_16001.12026.20112.0_X64__8WEKYB3D8BBWE\ONENOTESHARE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WEBPIMAGEEXTENSION_1.0.22753.0_X64__8WEKYB3D8BBWE\CODECPACKS.WEBP.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSSOUNDRECORDER_10.1906.1972.0_X64__8WEKYB3D8BBWE\SOUNDREC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.NETFX45.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\OFFICE16\OLICENSEHEARTBEAT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\UPDATER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.549981C3F5F10_1.1911.21713.0_X64__8WEKYB3D8BBWE\CORTANA.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARMHELPER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATEBROKER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.CAPTUREPICKER_CW5N1H2TXYEWY\CAPTUREPICKER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\SMSVCHOST\V4.0_4.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\VBC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFTWINDOWS.UNDOCKEDDEVKIT_CW5N1H2TXYEWY\UNDOCKEDDEVKIT.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADDINPROCESS_B77A5C561934E089_4.0.15805.0_NONE_74BABA51266F3010\ADDINPROCESS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\DW20.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\CSC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WFSERVICESREG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_COMPILER_B03F5F7F11D50A3A_4.0.15805.0_NONE_73CC8B3E43BA1056\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACROTEXTEXTRACTOR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CASPOL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGSVCS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\WINDOWS.CBSPREVIEW_CW5N1H2TXYEWY\CAMERABARCODESCANNERPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_DATASVCUTIL_B77A5C561934E089_4.0.15805.0_NONE_5B1ADA239E3B0505\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_REGSQL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CVTRES.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.PEOPLEEXPERIENCEHOST_CW5N1H2TXYEWY\PEOPLEEXPERIENCEHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\IEEXEC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SPLWOW64.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.SECUREASSESSMENTBROWSER_CW5N1H2TXYEWY\SECUREASSESSMENTBROWSER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINHLP32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\WSATCONFIG\3.0.0.0__B03F5F7F11D50A3A\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\LDR64.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_REGSQL_B03F5F7F11D50A3A_10.0.19041.1_NONE_C9157DDC38B83B1B\ASPNET_REGSQL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\CSC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\INPUTAPP\TEXTINPUTHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\DFSVC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\REGASM.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_ASPNET_COMPILER_B03F5F7F11D50A3A_10.0.19041.1_NONE_9202844CD514AB44\ASPNET_COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_32\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SMSVCHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\VBC.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.OOBENETWORKCONNECTIONFLOW_CW5N1H2TXYEWY\OOBENETWORKCONNECTIONFLOW.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SPEECH\COMMON\SAPISVR.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.ACCOUNTSCONTROL_CW5N1H2TXYEWY\ACCOUNTSCONTROLHOST.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ILASM.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\DW20.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WPF\PRESENTATIONFONTCACHE.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACRORD32.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe

"C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

N/A