Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649338780497715
Filename:	mal2
Filesize:	66046
MD5:	5daadb531113cad75786097b02e393f0
SHA1:	9dfad0a4084103d1fb53a9e2f7637a5ba7667ceb
SHA256:	f57bc4c23407f071076c629e9ca80dd737d034dafc216595b5fba3e29d4b2c1b
SHA512:	f1b07a57d3f7d2cb48600301fe4a30932f911c3dc370d8a49660487ce51d996d85de8a45614c347b44e5381fb44bfa74ec3b0807f5cd7f18765f19ae2cd0ae38
SSDEEP:	1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZT8DWD1:KQSo7ZL
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s......................:........................4...............4......Q.......~.......Rich............................PE..L..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Creates files in the recycle bin to hide itself	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Drops PE files to the startup folder	Boot Survival
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Uses 32bit PE files	Compliance, System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary	System Information Discovery
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp3.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp3.0.dr
ID:	dr_18
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.651406243735568
Encrypted:	false
Size:	66368
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Creates files in the recycle bin to hide itself	Hooking and other Techniques for Hiding and Protection	Hidden Files and Directories
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp4.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp4.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.652263941869096
Encrypted:	false
Size:	66368
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp5.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp5.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.652168550084945
Encrypted:	false
Size:	66368
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp6.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp6.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65227560091227
Encrypted:	false
Size:	66368
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Documents and Settings\All Users\.curlrc.exe (copy)
Category:	dropped
Dump:	.curlrc.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\.curlrc.exe (copy)
Category:	dropped
Dump:	.curlrc.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\_curlrc.exe (copy)
Category:	dropped
Dump:	_curlrc.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Adobe Acrobat.lnk.exe (copy)
Category:	dropped
Dump:	Adobe Acrobat.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.exe (copy)
Category:	dropped
Dump:	Firefox.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.exe (copy)
Category:	dropped
Dump:	Google Chrome.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp7.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)
Category:	dropped
Dump:	osver.txt.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.exe (copy)
Category:	dropped
Dump:	parse.dat.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.exe (copy)
Category:	dropped
Dump:	Active.GRL.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.exe (copy)
Category:	dropped
Dump:	Pending.GRL.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe (copy)
Category:	dropped
Dump:	Access.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)
Category:	dropped
Dump:	Excel.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe (copy)
Category:	dropped
Dump:	Firefox.lnk.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe (copy)
Category:	dropped
Dump:	OneNote.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)
Category:	dropped
Dump:	Outlook.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe (copy)
Category:	dropped
Dump:	Word.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp8.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Adobe Acrobat.lnk.exe (copy)
Category:	dropped
Dump:	Adobe Acrobat.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.exe (copy)
Category:	dropped
Dump:	Firefox.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.exe (copy)
Category:	dropped
Dump:	Google Chrome.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp9.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.exe (copy)
Category:	dropped
Dump:	refcount.ini.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe (copy)
Category:	dropped
Dump:	OfficeIntegrator.ps1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe (copy)
Category:	dropped
Dump:	DeploymentConfig.0.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe (copy)
Category:	dropped
Dump:	DeploymentConfig.1.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe (copy)
Category:	dropped
Dump:	DeploymentConfig.2.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\EventStore.db.exe (copy)
Category:	dropped
Dump:	EventStore.db.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.exe (copy)
Category:	dropped
Dump:	osver.txt.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.exe (copy)
Category:	dropped
Dump:	MicrosoftEdgeUpdate.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.exe (copy)
Category:	dropped
Dump:	wlidsvcconfig.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.exe (copy)
Category:	dropped
Dump:	edb.chk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.log.exe (copy)
Category:	dropped
Dump:	edb.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb00001.log.exe (copy)
Category:	dropped
Dump:	edb00001.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.exe (copy)
Category:	dropped
Dump:	edbres00001.jrs.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.exe (copy)
Category:	dropped
Dump:	edbres00002.jrs.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.exe (copy)
Category:	dropped
Dump:	edbtmp.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.db.exe (copy)
Category:	dropped
Dump:	qmgr.db.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.jfm.exe (copy)
Category:	dropped
Dump:	qmgr.jfm.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.exe (copy)
Category:	dropped
Dump:	ClickToRunPackageLocker.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.exe (copy)
Category:	dropped
Dump:	guest.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\hardz.dat.exe (copy)
Category:	dropped
Dump:	hardz.dat.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\jones.dat.exe (copy)
Category:	dropped
Dump:	jones.dat.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.dat.exe (copy)
Category:	dropped
Dump:	user.dat.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.exe (copy)
Category:	dropped
Dump:	user-192.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.exe (copy)
Category:	dropped
Dump:	user-32.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.exe (copy)
Category:	dropped
Dump:	user-40.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.exe (copy)
Category:	dropped
Dump:	user-48.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.exe (copy)
Category:	dropped
Dump:	user.bmp.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.exe (copy)
Category:	dropped
Dump:	user.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.exe (copy)
Category:	dropped
Dump:	MpDiag.bin.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpenginedb.db.exe (copy)
Category:	dropped
Dump:	mpenginedb.db.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.exe (copy)
Category:	dropped
Dump:	WelcomeScan.jpg.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppxProvisioning.xml.exe (copy)
Category:	dropped
Dump:	AppxProvisioning.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.exe (copy)
Category:	dropped
Dump:	dmrc.idx.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\CTAC.json.exe (copy)
Category:	dropped
Dump:	CTAC.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\CortanaUWP.json.exe (copy)
Category:	dropped
Dump:	CortanaUWP.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\FeatureConfig.json.exe (copy)
Category:	dropped
Dump:	FeatureConfig.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\UsoSettings.json.exe (copy)
Category:	dropped
Dump:	UsoSettings.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\config.json.exe (copy)
Category:	dropped
Dump:	config.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp6.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\wfp\wfpdiag.etl.exe (copy)
Category:	dropped
Dump:	wfpdiag.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe (copy)
Category:	dropped
Dump:	7-Zip File Manager.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe (copy)
Category:	dropped
Dump:	7-Zip Help.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.exe (copy)
Category:	dropped
Dump:	Access.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp12.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Notepad.lnk.exe (copy)
Category:	dropped
Dump:	Notepad.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.exe (copy)
Category:	dropped
Dump:	Paint.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.exe (copy)
Category:	dropped
Dump:	Quick Assist.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.exe (copy)
Category:	dropped
Dump:	Snipping Tool.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.exe (copy)
Category:	dropped
Dump:	Wordpad.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp13.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Adobe Acrobat.lnk.exe (copy)
Category:	dropped
Dump:	Adobe Acrobat.lnk.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Examples.lnk.exe (copy)
Category:	dropped
Dump:	Examples.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.exe (copy)
Category:	dropped
Dump:	Excel.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe (copy)
Category:	dropped
Dump:	Firefox Private Browsing.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.exe (copy)
Category:	dropped
Dump:	Firefox.lnk.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Google Chrome.lnk.exe (copy)
Category:	dropped
Dump:	Google Chrome.lnk.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.exe (copy)
Category:	dropped
Dump:	About Java.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.exe (copy)
Category:	dropped
Dump:	Check For Updates.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.exe (copy)
Category:	dropped
Dump:	Configure Java.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.exe (copy)
Category:	dropped
Dump:	Get Help.url.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.exe (copy)
Category:	dropped
Dump:	Visit Java.com.url.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.exe (copy)
Category:	dropped
Dump:	Desktop.ini.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Edge.lnk.exe (copy)
Category:	dropped
Dump:	Microsoft Edge.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.exe (copy)
Category:	dropped
Dump:	OneNote.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.exe (copy)
Category:	dropped
Dump:	Outlook.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.exe (copy)
Category:	dropped
Dump:	PowerPoint.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.exe (copy)
Category:	dropped
Dump:	Publisher.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.exe (copy)
Category:	dropped
Dump:	Skype for Business.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp10.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.exe (copy)
Category:	dropped
Dump:	Task Manager.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp11.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.exe (copy)
Category:	dropped
Dump:	Word.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp8.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp5.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.exe (copy)
Category:	dropped
Dump:	refcount.ini.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe (copy)
Category:	dropped
Dump:	OfficeIntegrator.ps1.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe (copy)
Category:	dropped
Dump:	DeploymentConfig.0.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe (copy)
Category:	dropped
Dump:	DeploymentConfig.1.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe (copy)
Category:	dropped
Dump:	DeploymentConfig.2.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.exe (copy)
Category:	dropped
Dump:	utc.allow.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.exe (copy)
Category:	dropped
Dump:	utc.app.json.bk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.exe (copy)
Category:	dropped
Dump:	utc.app.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe (copy)
Category:	dropped
Dump:	utc.cert.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.exe (copy)
Category:	dropped
Dump:	utc.privacy.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.exe (copy)
Category:	dropped
Dump:	utc.tracing.json.bk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe (copy)
Category:	dropped
Dump:	utc.tracing.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.exe (copy)
Category:	dropped
Dump:	Diagtrack-Listener.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.exe (copy)
Category:	dropped
Dump:	EventStore.db.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.exe (copy)
Category:	dropped
Dump:	EventStore.db.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.exe (copy)
Category:	dropped
Dump:	wlidsvcconfig.xml.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.exe (copy)
Category:	dropped
Dump:	netcore,Google.Protobuf.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.exe (copy)
Category:	dropped
Dump:	netcore,HtmlAgilityPack.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.exe (copy)
Category:	dropped
Dump:	netcore,MessagePack.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json.exe (copy)
Category:	dropped
Dump:	netcore,Newtonsoft.Json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.exe (copy)
Category:	dropped
Dump:	netcore,Polly,7.2.4.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.exe (copy)
Category:	dropped
Dump:	netcore,Polly.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.core.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Buffers.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Codecs.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Common.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Transport.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless,5.13.0.exe (copy)
Category:	dropped
Dump:	netcore,Stateless,5.13.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.exe (copy)
Category:	dropped
Dump:	netcore,Stateless.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.exe (copy)
Category:	dropped
Dump:	netcore,System.IO.Pipelines.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management.exe (copy)
Category:	dropped
Dump:	netcore,System.Management.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.Auth.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb.exe (copy)
Category:	dropped
Dump:	Windows.edb.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.jfm.exe (copy)
Category:	dropped
Dump:	Windows.jfm.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb.jcp.exe (copy)
Category:	dropped
Dump:	edb.jcp.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb.jtx.exe (copy)
Category:	dropped
Dump:	edb.jtx.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.exe (copy)
Category:	dropped
Dump:	edb00012.jtx.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00013.jtx.exe (copy)
Category:	dropped
Dump:	edb00013.jtx.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.exe (copy)
Category:	dropped
Dump:	edb00014.jtx.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.exe (copy)
Category:	dropped
Dump:	edbres00001.jrs.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.exe (copy)
Category:	dropped
Dump:	edbres00002.jrs.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.exe (copy)
Category:	dropped
Dump:	edbtmp.jtx.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb.exe (copy)
Category:	dropped
Dump:	tmp.edb.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.exe (copy)
Category:	dropped
Dump:	SmsInterceptStore.db.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.exe (copy)
Category:	dropped
Dump:	SmsInterceptStore.jfm.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.exe (copy)
Category:	dropped
Dump:	DesktopSettings2013.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.exe (copy)
Category:	dropped
Dump:	EaseOfAccessSettings2013.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftInternetExplorer2013.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftLync2010.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftLync2013Win32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftLync2013Win64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftNotepad.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2010Win32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2010Win64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2013BackupWin32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2013BackupWin64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2013Office365Win32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2013Office365Win64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2013Win32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2013Win64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2016BackupWin32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2016BackupWin64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2016Win32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOffice2016Win64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftWordpad.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe (copy)
Category:	dropped
Dump:	NetworkPrinters.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe (copy)
Category:	dropped
Dump:	RoamingCredentialSettings.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe (copy)
Category:	dropped
Dump:	ThemeSettings2013.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml.exe (copy)
Category:	dropped
Dump:	VdiState.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe (copy)
Category:	dropped
Dump:	RegisterInboxTemplates.ps1.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.exe (copy)
Category:	dropped
Dump:	SettingsLocationTemplate.xsd.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.exe (copy)
Category:	dropped
Dump:	SettingsLocationTemplate2013.xsd.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.exe (copy)
Category:	dropped
Dump:	SettingsLocationTemplate2013A.xsd.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.exe (copy)
Category:	dropped
Dump:	user-192.png.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.exe (copy)
Category:	dropped
Dump:	user-32.png.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.exe (copy)
Category:	dropped
Dump:	user-40.png.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.exe (copy)
Category:	dropped
Dump:	user-48.png.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe (copy)
Category:	dropped
Dump:	Policy.vpol.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.exe (copy)
Category:	dropped
Dump:	mpasdlta.lkg.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.exe (copy)
Category:	dropped
Dump:	mpasdlta.vdm.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.exe (copy)
Category:	dropped
Dump:	mpavdlta.lkg.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.exe (copy)
Category:	dropped
Dump:	mpavdlta.vdm.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll.exe (copy)
Category:	dropped
Dump:	mpengine.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg.exe (copy)
Category:	dropped
Dump:	mpengine.lkg.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.exe (copy)
Category:	dropped
Dump:	MpClient.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe (copy)
Category:	dropped
Dump:	MpCmdRun.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.exe (copy)
Category:	dropped
Dump:	MpCommu.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe (copy)
Category:	dropped
Dump:	MpDlpCmd.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.exe (copy)
Category:	dropped
Dump:	MpOAV.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.exe (copy)
Category:	dropped
Dump:	MpRtp.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.exe (copy)
Category:	dropped
Dump:	MpSvc.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.exe (copy)
Category:	dropped
Dump:	MpUpdate.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (copy)
Category:	dropped
Dump:	MsMpEng.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.exe (copy)
Category:	dropped
Dump:	MsMpLics.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe (copy)
Category:	dropped
Dump:	NisSrv.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe (copy)
Category:	dropped
Dump:	mpextms.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.exe (copy)
Category:	dropped
Dump:	MpClient.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe (copy)
Category:	dropped
Dump:	MpCmdRun.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.exe (copy)
Category:	dropped
Dump:	MpCommu.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.exe (copy)
Category:	dropped
Dump:	MpDlp.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe (copy)
Category:	dropped
Dump:	MpDlpCmd.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.exe (copy)
Category:	dropped
Dump:	MpRtp.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.exe (copy)
Category:	dropped
Dump:	MpSvc.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.exe (copy)
Category:	dropped
Dump:	MpUpdate.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe (copy)
Category:	dropped
Dump:	MsMpEng.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.exe (copy)
Category:	dropped
Dump:	MsMpLics.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe (copy)
Category:	dropped
Dump:	NisSrv.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe (copy)
Category:	dropped
Dump:	mpextms.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe (copy)
Category:	dropped
Dump:	Detections.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe (copy)
Category:	dropped
Dump:	History.Log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe (copy)
Category:	dropped
Dump:	Unknown.Log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.exe (copy)
Category:	dropped
Dump:	MpDiag.bin.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe (copy)
Category:	dropped
Dump:	MPDetection-20231003-085557.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-20231003-085557.log.exe (copy)
Category:	dropped
Dump:	MPLog-20231003-085557.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.exe (copy)
Category:	dropped
Dump:	confident.cov.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\fyi.cov.exe (copy)
Category:	dropped
Dump:	fyi.cov.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.exe (copy)
Category:	dropped
Dump:	generic.cov.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.exe (copy)
Category:	dropped
Dump:	urgent.cov.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.exe (copy)
Category:	dropped
Dump:	WelcomeFax.tif.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe (copy)
Category:	dropped
Dump:	GeofenceApplicationID.dat.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe (copy)
Category:	dropped
Dump:	ASAP_CloudPolicy.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\CortanaUWP.json.exe (copy)
Category:	dropped
Dump:	CortanaUWP.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe (copy)
Category:	dropped
Dump:	DirectXDbVersion.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\SCCInstallService.json.exe (copy)
Category:	dropped
Dump:	SCCInstallService.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\StorageGroveler.json.exe (copy)
Category:	dropped
Dump:	StorageGroveler.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe (copy)
Category:	dropped
Dump:	TroubleshootingSvc.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\UsoSettings.json.exe (copy)
Category:	dropped
Dump:	UsoSettings.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe (copy)
Category:	dropped
Dump:	7-Zip Help.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe (copy)
Category:	dropped
Dump:	Notepad.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe (copy)
Category:	dropped
Dump:	Paint.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe (copy)
Category:	dropped
Dump:	Wordpad.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp7.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe (copy)
Category:	dropped
Dump:	Adobe Acrobat.lnk.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe (copy)
Category:	dropped
Dump:	Examples.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe (copy)
Category:	dropped
Dump:	Google Chrome.lnk.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.exe (copy)
Category:	dropped
Dump:	About Java.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe (copy)
Category:	dropped
Dump:	Configure Java.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe (copy)
Category:	dropped
Dump:	Get Help.url.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.exe (copy)
Category:	dropped
Dump:	Visit Java.com.url.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.exe (copy)
Category:	dropped
Dump:	Desktop.ini.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe (copy)
Category:	dropped
Dump:	Microsoft Edge.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe (copy)
Category:	dropped
Dump:	PowerPoint.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.exe (copy)
Category:	dropped
Dump:	Publisher.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.exe (copy)
Category:	dropped
Dump:	Skype for Business.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp3.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp4.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe (copy)
Category:	dropped
Dump:	state.rsm.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe (copy)
Category:	dropped
Dump:	7-Zip File Manager.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe (copy)
Category:	dropped
Dump:	AutoIt v3 Website.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe (copy)
Category:	dropped
Dump:	AutoItX Help File.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe (copy)
Category:	dropped
Dump:	Browse Extras.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe (copy)
Category:	dropped
Dump:	Run Script (x64).lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe (copy)
Category:	dropped
Dump:	Run Script (x86).lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe (copy)
Category:	dropped
Dump:	SciTE Script Editor.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.exe (copy)
Category:	dropped
Dump:	Firefox Private Browsing.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.exe (copy)
Category:	dropped
Dump:	Check For Updates.lnk.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe (copy)
Category:	dropped
Dump:	Database Compare.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe (copy)
Category:	dropped
Dump:	Spreadsheet Compare.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.exe (copy)
Category:	dropped
Dump:	Task Manager.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe (copy)
Category:	dropped
Dump:	Windows PowerShell ISE.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.tmp14.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.exe (copy)
Category:	dropped
Dump:	AirSpace.Etw.man.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe (copy)
Category:	dropped
Dump:	integrator.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.exe (copy)
Category:	dropped
Dump:	msoutilstat.etw.man.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.exe (copy)
Category:	dropped
Dump:	wordEtw.man.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe (copy)
Category:	dropped
Dump:	background.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.exe (copy)
Category:	dropped
Dump:	behavior.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe (copy)
Category:	dropped
Dump:	device.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe (copy)
Category:	dropped
Dump:	overlay.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe (copy)
Category:	dropped
Dump:	superbar.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe (copy)
Category:	dropped
Dump:	background.png.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe (copy)
Category:	dropped
Dump:	behavior.xml.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe (copy)
Category:	dropped
Dump:	watermark.png.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.exe (copy)
Category:	dropped
Dump:	folder.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.exe (copy)
Category:	dropped
Dump:	netfol.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.exe (copy)
Category:	dropped
Dump:	pictures.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.exe (copy)
Category:	dropped
Dump:	resource.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.exe (copy)
Category:	dropped
Dump:	ringtones.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.exe (copy)
Category:	dropped
Dump:	settings.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.exe (copy)
Category:	dropped
Dump:	sync.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.exe (copy)
Category:	dropped
Dump:	tasks.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.exe (copy)
Category:	dropped
Dump:	wmp.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.exe (copy)
Category:	dropped
Dump:	folder.ico.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.exe (copy)
Category:	dropped
Dump:	print_pref.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.exe (copy)
Category:	dropped
Dump:	print_queue.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.exe (copy)
Category:	dropped
Dump:	scan_.ico.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.exe (copy)
Category:	dropped
Dump:	tasks.xml.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.exe (copy)
Category:	dropped
Dump:	TELEMETRY.ASM-WINDOWSSQ.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.exe (copy)
Category:	dropped
Dump:	telemetry.ASM-WindowsDefault.json.bk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.exe (copy)
Category:	dropped
Dump:	telemetry.ASM-WindowsDefault.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.exe (copy)
Category:	dropped
Dump:	telemetry.P-Eco3PTelDefault.json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe (copy)
Category:	dropped
Dump:	utc.cert.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.exe (copy)
Category:	dropped
Dump:	utc.tracing.json.bk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe (copy)
Category:	dropped
Dump:	utc.tracing.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures,0.2.0.exe (copy)
Category:	dropped
Dump:	netcore,ConcurrentDataStructures,0.2.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures.exe (copy)
Category:	dropped
Dump:	netcore,ConcurrentDataStructures.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf,3.23.4.exe (copy)
Category:	dropped
Dump:	netcore,Google.Protobuf,3.23.4.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack,1.11.46.exe (copy)
Category:	dropped
Dump:	netcore,HtmlAgilityPack,1.11.46.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack,2.6.100-alpha.exe (copy)
Category:	dropped
Dump:	netcore,MessagePack,2.6.100-alpha.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations.exe (copy)
Category:	dropped
Dump:	netcore,MessagePack.Annotations.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Common.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core,7.0.5.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Data.Sqlite.Core,7.0.5.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Data.Sqlite.Core.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Memory.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features,7.0.9.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Features,7.0.9.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Features.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http.Polly.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Debug.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options,7.0.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Options,7.0.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Options.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Primitives.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D,1.0.5.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Graphics.Win2D,1.0.5.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Graphics.Win2D.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Abstractions.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Logging.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Tokens.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Map.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pal.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pbap.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Diagnostics.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Obex,0.23051.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Obex.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.YourPhone.Vcard.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.NET.StringTools,17.4.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.NET.StringTools.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Rest.ClientRuntime.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Toolkit.Uwp.Notifications.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Windows.Apps.TraceLogging.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Windows.AugLoop.Core.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.WindowsAppSDK.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Xaml.Behaviors.Wpf.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json,10.0.3.exe (copy)
Category:	dropped
Dump:	netcore,Newtonsoft.Json,10.0.3.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http,3.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Polly.Extensions.Http,3.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http.exe (copy)
Category:	dropped
Dump:	netcore,Polly.Extensions.Http.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.bundle_e_sqlite3.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core,2.1.4.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.core,2.1.4.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.lib.e_sqlite3.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.provider.e_sqlite3.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers,0.7.2012.2221.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Buffers,0.7.2012.2221.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Codecs,0.7.2012.2221.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Codecs.Protobuf.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common,0.7.2012.2221.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Common,0.7.2012.2221.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Transport,0.7.2012.2221.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.exe (copy)
Category:	dropped
Dump:	netcore,System.IO.Abstractions,19.2.51.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions.exe (copy)
Category:	dropped
Dump:	netcore,System.IO.Abstractions.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,System.IO.Pipelines,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.exe (copy)
Category:	dropped
Dump:	netcore,System.IdentityModel.Tokens.Jwt.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management,7.0.1.exe (copy)
Category:	dropped
Dump:	netcore,System.Management,7.0.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.exe (copy)
Category:	dropped
Dump:	netcore,TestableIO.System.IO.Abstractions.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.Auth,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.Common,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.Common.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.Onboarding,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.Onboarding.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.PhoneLink,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.PhoneLink.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.ServicesClient.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel.Protocol.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk_.exe (copy)
Category:	dropped
Dump:	edb.chk.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs_.exe (copy)
Category:	dropped
Dump:	edbres00001.jrs.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs_.exe (copy)
Category:	dropped
Dump:	edbres00002.jrs.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftInternetExplorer2013.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftInternetExplorer2013Backup.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftLync2010.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftLync2013Win32.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftLync2013Win64.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin32.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin64.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin32.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin64.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win32.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win64.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe (copy)
Category:	dropped
Dump:	RoamingCredentialSettings.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe (copy)
Category:	dropped
Dump:	ThemeSettings2013.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe (copy)
Category:	dropped
Dump:	Policy.vpol.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe (copy)
Category:	dropped
Dump:	Policy.vpol.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.exe (copy)
Category:	dropped
Dump:	IGD.CAT.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe (copy)
Category:	dropped
Dump:	ConfigSecurityPolicy.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.exe (copy)
Category:	dropped
Dump:	DefenderCSP.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdBoot.sys.exe (copy)
Category:	dropped
Dump:	WdBoot.sys.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.exe (copy)
Category:	dropped
Dump:	WdDevFlt.sys.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdFilter.sys.exe (copy)
Category:	dropped
Dump:	WdFilter.sys.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdNisDrv.sys.exe (copy)
Category:	dropped
Dump:	WdNisDrv.sys.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.exe (copy)
Category:	dropped
Dump:	Microsoft-Antimalware-NIS.man.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.exe (copy)
Category:	dropped
Dump:	Microsoft-Antimalware-RTP.man.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.exe (copy)
Category:	dropped
Dump:	MpAzSubmit.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe (copy)
Category:	dropped
Dump:	MpCopyAccelerator.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.exe (copy)
Category:	dropped
Dump:	MpDetours.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.exe (copy)
Category:	dropped
Dump:	MpDetoursCopyAccelerator.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.exe (copy)
Category:	dropped
Dump:	MpSenseComm.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.exe (copy)
Category:	dropped
Dump:	MpUxAgent.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.exe (copy)
Category:	dropped
Dump:	Defender.psd1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.exe (copy)
Category:	dropped
Dump:	MSFT_MpScan.cdxml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.exe (copy)
Category:	dropped
Dump:	ThirdPartyNotices.txt.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.exe (copy)
Category:	dropped
Dump:	MpClient.dll.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe (copy)
Category:	dropped
Dump:	MpCmdRun.exe.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.exe (copy)
Category:	dropped
Dump:	MpDetours.dll.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.exe (copy)
Category:	dropped
Dump:	MpOAV.dll.tmp3.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.exe (copy)
Category:	dropped
Dump:	MsMpLics.dll.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.exe (copy)
Category:	dropped
Dump:	mpasdesc.dll.mui.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp67.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.exe (copy)
Category:	dropped
Dump:	endpointdlp.dll.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp48.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp49.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp22.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp50.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp51.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp52.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp23.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp53.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp54.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp55.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp24.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp56.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp25.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp13.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp57.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp58.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp3.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp3.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp4.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.exe (copy)
Category:	dropped
Dump:	endpointdlp.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp4.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp3.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp5.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp5.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp6.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp6.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp7.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp8.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp9.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp7.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp4.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp10.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp11.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp8.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp12.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp9.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp5.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp13.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp14.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp15.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp16.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp17.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp10.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp18.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp19.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp11.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp20.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp12.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp6.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp21.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp13.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp22.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp23.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp14.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp7.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp24.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp15.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp8.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp25.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp26.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp27.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp28.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp29.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp16.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp9.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp30.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp31.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp32.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp33.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp17.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp34.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp18.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp35.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp36.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp37.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp38.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp39.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp40.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp41.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp19.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp10.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp42.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp43.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp20.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp11.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp44.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp45.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp46.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp47.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp21.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp12.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp126.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp59.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp127.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp60.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp128.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp129.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp130.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp131.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp61.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp132.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp62.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp31.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp133.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp134.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp135.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp63.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp136.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp64.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp32.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp137.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp138.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp139.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp65.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp140.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp141.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp66.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp142.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp68.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp33.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp143.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp69.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp34.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp144.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.exe (copy)
Category:	dropped
Dump:	IGD.CAT.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe (copy)
Category:	dropped
Dump:	ConfigSecurityPolicy.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\DefenderCSP.dll.exe (copy)
Category:	dropped
Dump:	DefenderCSP.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.exe (copy)
Category:	dropped
Dump:	WdBoot.sys.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdDevFlt.sys.exe (copy)
Category:	dropped
Dump:	WdDevFlt.sys.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdFilter.sys.exe (copy)
Category:	dropped
Dump:	WdFilter.sys.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.exe (copy)
Category:	dropped
Dump:	WdNisDrv.sys.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.exe (copy)
Category:	dropped
Dump:	Microsoft-Antimalware-NIS.man.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.exe (copy)
Category:	dropped
Dump:	Microsoft-Antimalware-RTP.man.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.exe (copy)
Category:	dropped
Dump:	MpAzSubmit.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe (copy)
Category:	dropped
Dump:	MpCopyAccelerator.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe (copy)
Category:	dropped
Dump:	MpDefenderCoreService.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.exe (copy)
Category:	dropped
Dump:	MpDetours.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetoursCopyAccelerator.dll.exe (copy)
Category:	dropped
Dump:	MpDetoursCopyAccelerator.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSenseComm.dll.exe (copy)
Category:	dropped
Dump:	MpSenseComm.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.exe (copy)
Category:	dropped
Dump:	MpUxAgent.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.exe (copy)
Category:	dropped
Dump:	Defender.psd1.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.exe (copy)
Category:	dropped
Dump:	MSFT_MpScan.cdxml.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.dll.exe (copy)
Category:	dropped
Dump:	ProtectionManagement.dll.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.exe (copy)
Category:	dropped
Dump:	ProtectionManagement.mof.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ThirdPartyNotices.txt.exe (copy)
Category:	dropped
Dump:	ThirdPartyNotices.txt.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe (copy)
Category:	dropped
Dump:	MpCmdRun.exe.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.exe (copy)
Category:	dropped
Dump:	MpDetours.dll.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.exe (copy)
Category:	dropped
Dump:	MsMpLics.dll.tmp1.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.exe (copy)
Category:	dropped
Dump:	mpasdesc.dll.mui.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp56.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\endpointdlp.dll.exe (copy)
Category:	dropped
Dump:	endpointdlp.dll.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp145.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp146.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp70.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp147.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp148.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp149.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp71.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp150.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp151.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp152.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp72.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp153.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp73.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp35.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp154.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp155.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp74.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp36.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp156.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp75.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp37.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp157.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp76.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp38.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp158.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp77.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp159.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp78.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp39.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp160.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.exe (copy)
Category:	dropped
Dump:	endpointdlp.dll.tmp2.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp26.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp14.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp59.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp27.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp60.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp28.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp61.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp62.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp63.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp29.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp15.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp64.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp65.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp30.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp66.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp31.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp16.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp67.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp68.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp69.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp70.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp71.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp32.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp72.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp73.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp33.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp74.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp34.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp17.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp75.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp35.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp76.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp77.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp36.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp18.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp78.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp37.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp19.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp79.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp80.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp81.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp82.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp83.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp38.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp20.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp84.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp85.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp86.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp87.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp39.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp88.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp40.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp89.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp90.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp91.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp92.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp93.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp94.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp95.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp41.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp21.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp96.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp97.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp42.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp22.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp98.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp99.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp100.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp101.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp43.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp23.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp102.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp44.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp24.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp103.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp45.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp25.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp104.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp105.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp46.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp106.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp47.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp26.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp107.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp48.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp108.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp49.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp109.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp110.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp111.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp112.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp50.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp113.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp51.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp27.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp114.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp115.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp116.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp52.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp117.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp53.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp28.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp118.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp119.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp120.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp54.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp121.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp122.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp55.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp123.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp57.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp29.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp124.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpAsDesc.dll.mui.exe (copy)
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp58.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpEvMsg.dll.mui.exe (copy)
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp30.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.exe (copy)
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp125.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\01\2.exe (copy)
Category:	dropped
Dump:	2.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.exe (copy)
Category:	dropped
Dump:	0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.exe (copy)
Category:	dropped
Dump:	1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe (copy)
Category:	dropped
Dump:	Detections.log.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe (copy)
Category:	dropped
Dump:	History.Log.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe (copy)
Category:	dropped
Dump:	Unknown.Log.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\3846C1B485BFA46E3AB54DFBE9D1DE49.exe (copy)
Category:	dropped
Dump:	3846C1B485BFA46E3AB54DFBE9D1DE49.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.exe (copy)
Category:	dropped
Dump:	56598B41F139620898884E49C611C148.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.exe (copy)
Category:	dropped
Dump:	81FE2459AB45799D6C1FB53DEEE30AF6.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.exe (copy)
Category:	dropped
Dump:	93BCA88018E5993458BC6BBE55D33E61.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\9BBF8E3725F51A366740AC59C8CBB345.exe (copy)
Category:	dropped
Dump:	9BBF8E3725F51A366740AC59C8CBB345.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\A0137882FC829131E8629036339BD1FB.exe (copy)
Category:	dropped
Dump:	A0137882FC829131E8629036339BD1FB.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.exe (copy)
Category:	dropped
Dump:	C73297F3A28B41D0B045DECE1D0D81EF.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe (copy)
Category:	dropped
Dump:	MPDetection-20231003-085557.log.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPDeviceControl-20231003-122002.log.exe (copy)
Category:	dropped
Dump:	MPDeviceControl-20231003-122002.log.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.exe (copy)
Category:	dropped
Dump:	02305155-8ac1-1189-ff55-b7119a53887c.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe (copy)
Category:	dropped
Dump:	03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe (copy)
Category:	dropped
Dump:	0890ad2f-b74f-c384-f684-9c33f8f67924.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe (copy)
Category:	dropped
Dump:	0a8c1492-65ca-6a01-de25-0e183559d10d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe (copy)
Category:	dropped
Dump:	0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe (copy)
Category:	dropped
Dump:	13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.exe (copy)
Category:	dropped
Dump:	1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe (copy)
Category:	dropped
Dump:	18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe (copy)
Category:	dropped
Dump:	1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.exe (copy)
Category:	dropped
Dump:	1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.exe (copy)
Category:	dropped
Dump:	1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.exe (copy)
Category:	dropped
Dump:	1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.exe (copy)
Category:	dropped
Dump:	215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.exe (copy)
Category:	dropped
Dump:	26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.exe (copy)
Category:	dropped
Dump:	280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.exe (copy)
Category:	dropped
Dump:	28502d06-9d29-8514-1e5d-64447116d798.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.exe (copy)
Category:	dropped
Dump:	28748306-9f02-a5d7-6ded-4459fddadc31.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.exe (copy)
Category:	dropped
Dump:	292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.exe (copy)
Category:	dropped
Dump:	2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.exe (copy)
Category:	dropped
Dump:	2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.exe (copy)
Category:	dropped
Dump:	306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.exe (copy)
Category:	dropped
Dump:	38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.exe (copy)
Category:	dropped
Dump:	3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.exe (copy)
Category:	dropped
Dump:	3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.exe (copy)
Category:	dropped
Dump:	42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.exe (copy)
Category:	dropped
Dump:	436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.exe (copy)
Category:	dropped
Dump:	4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml.exe (copy)
Category:	dropped
Dump:	517cfcaf-138b-1796-2cea-62892204250a.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.exe (copy)
Category:	dropped
Dump:	52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml.exe (copy)
Category:	dropped
Dump:	5c834b0b-64f8-6383-854a-915ac7ddab77.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.exe (copy)
Category:	dropped
Dump:	61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.exe (copy)
Category:	dropped
Dump:	630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.exe (copy)
Category:	dropped
Dump:	67447b0c-05cf-6740-5f7b-391ab440c42d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.exe (copy)
Category:	dropped
Dump:	6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.exe (copy)
Category:	dropped
Dump:	6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.exe (copy)
Category:	dropped
Dump:	6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.exe (copy)
Category:	dropped
Dump:	71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.exe (copy)
Category:	dropped
Dump:	71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.exe (copy)
Category:	dropped
Dump:	7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.exe (copy)
Category:	dropped
Dump:	7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.exe (copy)
Category:	dropped
Dump:	8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.exe (copy)
Category:	dropped
Dump:	832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.exe (copy)
Category:	dropped
Dump:	865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.exe (copy)
Category:	dropped
Dump:	8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.exe (copy)
Category:	dropped
Dump:	8cfc804a-d777-2361-1670-4569e516397e.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.exe (copy)
Category:	dropped
Dump:	8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.exe (copy)
Category:	dropped
Dump:	8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.exe (copy)
Category:	dropped
Dump:	91a5b4c7-29a8-ec80-4321-fbecea906705.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.exe (copy)
Category:	dropped
Dump:	9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.exe (copy)
Category:	dropped
Dump:	9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.exe (copy)
Category:	dropped
Dump:	a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.exe (copy)
Category:	dropped
Dump:	a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.exe (copy)
Category:	dropped
Dump:	a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.exe (copy)
Category:	dropped
Dump:	abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.exe (copy)
Category:	dropped
Dump:	ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.exe (copy)
Category:	dropped
Dump:	b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.exe (copy)
Category:	dropped
Dump:	b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.exe (copy)
Category:	dropped
Dump:	b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.exe (copy)
Category:	dropped
Dump:	b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.exe (copy)
Category:	dropped
Dump:	bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.exe (copy)
Category:	dropped
Dump:	bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.exe (copy)
Category:	dropped
Dump:	bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.exe (copy)
Category:	dropped
Dump:	c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.exe (copy)
Category:	dropped
Dump:	c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.exe (copy)
Category:	dropped
Dump:	ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.exe (copy)
Category:	dropped
Dump:	cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.exe (copy)
Category:	dropped
Dump:	d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.exe (copy)
Category:	dropped
Dump:	d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.exe (copy)
Category:	dropped
Dump:	e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.exe (copy)
Category:	dropped
Dump:	e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.exe (copy)
Category:	dropped
Dump:	e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.exe (copy)
Category:	dropped
Dump:	e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.exe (copy)
Category:	dropped
Dump:	e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.exe (copy)
Category:	dropped
Dump:	e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.exe (copy)
Category:	dropped
Dump:	ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.exe (copy)
Category:	dropped
Dump:	ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.exe (copy)
Category:	dropped
Dump:	eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.exe (copy)
Category:	dropped
Dump:	f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.exe (copy)
Category:	dropped
Dump:	f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.exe (copy)
Category:	dropped
Dump:	fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe (copy)
Category:	dropped
Dump:	GeofenceApplicationID.dat.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe (copy)
Category:	dropped
Dump:	ASAP_CloudPolicy.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe (copy)
Category:	dropped
Dump:	DirectXDbVersion.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\SCCInstallService.json.exe (copy)
Category:	dropped
Dump:	SCCInstallService.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\StorageGroveler.json.exe (copy)
Category:	dropped
Dump:	StorageGroveler.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe (copy)
Category:	dropped
Dump:	TroubleshootingSvc.json.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.exe (copy)
Category:	dropped
Dump:	Speech Recognition.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe (copy)
Category:	dropped
Dump:	Math Input Panel.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe (copy)
Category:	dropped
Dump:	Remote Desktop Connection.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe (copy)
Category:	dropped
Dump:	Steps Recorder.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp9.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe (copy)
Category:	dropped
Dump:	Windows Fax and Scan.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe (copy)
Category:	dropped
Dump:	Windows Media Player.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.exe (copy)
Category:	dropped
Dump:	Disk Cleanup.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe (copy)
Category:	dropped
Dump:	Event Viewer.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe (copy)
Category:	dropped
Dump:	Print Management.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe (copy)
Category:	dropped
Dump:	RecoveryDrive.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.exe (copy)
Category:	dropped
Dump:	Registry Editor.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe (copy)
Category:	dropped
Dump:	Resource Monitor.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe (copy)
Category:	dropped
Dump:	Task Scheduler.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp10.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.exe (copy)
Category:	dropped
Dump:	dfrgui.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.exe (copy)
Category:	dropped
Dump:	iSCSI Initiator.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe (copy)
Category:	dropped
Dump:	services.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe (copy)
Category:	dropped
Dump:	AutoIt Help File.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe (copy)
Category:	dropped
Dump:	AutoIt Window Info (x64).lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.exe (copy)
Category:	dropped
Dump:	AutoIt Window Info (x86).lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe (copy)
Category:	dropped
Dump:	Check For SQLite Updates.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.exe (copy)
Category:	dropped
Dump:	Check For Updates.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe (copy)
Category:	dropped
Dump:	AutoIt v3 Website.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe (copy)
Category:	dropped
Dump:	Browse Extras.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe (copy)
Category:	dropped
Dump:	Run Script (x64).lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe (copy)
Category:	dropped
Dump:	Run Script (x86).lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe (copy)
Category:	dropped
Dump:	SciTE Script Editor.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe (copy)
Category:	dropped
Dump:	desktop.ini.exe.tmp11.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB.exe (copy)
Category:	dropped
Dump:	UpdateLock-308046B0AF4A39CB.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe (copy)
Category:	dropped
Dump:	VC_redist.x64.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe (copy)
Category:	dropped
Dump:	state.rsm.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe (copy)
Category:	dropped
Dump:	Character Map.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe (copy)
Category:	dropped
Dump:	Component Services.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe (copy)
Category:	dropped
Dump:	Computer Management.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.exe (copy)
Category:	dropped
Dump:	Memory Diagnostics Tool.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.exe (copy)
Category:	dropped
Dump:	ODBC Data Sources (32-bit).lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.exe (copy)
Category:	dropped
Dump:	ODBC Data Sources (64-bit).lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.exe (copy)
Category:	dropped
Dump:	Performance Monitor.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.exe (copy)
Category:	dropped
Dump:	Security Configuration Management.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe (copy)
Category:	dropped
Dump:	System Configuration.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.exe (copy)
Category:	dropped
Dump:	System Information.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.exe (copy)
Category:	dropped
Dump:	Compile Script to .exe (x64).lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.exe (copy)
Category:	dropped
Dump:	Compile Script to .exe (x86).lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe (copy)
Category:	dropped
Dump:	AutoItX Help File.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe (copy)
Category:	dropped
Dump:	Database Compare.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.exe (copy)
Category:	dropped
Dump:	Office Language Preferences.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.exe (copy)
Category:	dropped
Dump:	Skype for Business Recording Manager.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe (copy)
Category:	dropped
Dump:	Spreadsheet Compare.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.exe (copy)
Category:	dropped
Dump:	Telemetry Log for Office.lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.exe (copy)
Category:	dropped
Dump:	Windows PowerShell ISE (x86).lnk.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe (copy)
Category:	dropped
Dump:	Windows PowerShell ISE.lnk.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.21a55447-0332-4ea2-8e22-8ddd09981184.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.21a55447-0332-4ea2-8e22-8ddd09981184.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.38fad0bf-4730-4bc4-be22-5277e88811cd.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.38fad0bf-4730-4bc4-be22-5277e88811cd.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.c6e0f9e8-f670-49c4-974e-9d40568a1011.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.c6e0f9e8-f670-49c4-974e-9d40568a1011.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.exe (copy)
Category:	dropped
Dump:	NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\User\UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.exe (copy)
Category:	dropped
Dump:	UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.exe (copy)
Category:	dropped
Dump:	regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\VirtualRegistry.dat.exe (copy)
Category:	dropped
Dump:	VirtualRegistry.dat.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\en-us.16\s321033.hash.exe (copy)
Category:	dropped
Dump:	s321033.hash.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\operations.db.exe (copy)
Category:	dropped
Dump:	operations.db.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\i320.c2rx.hash.exe (copy)
Category:	dropped
Dump:	i320.c2rx.hash.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\s320.hash.exe (copy)
Category:	dropped
Dump:	s320.hash.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.accessmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.dcfmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.excelmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.lyncmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.office64mui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.office64ww.msi.16.x-none.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.officemui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.onenotemui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.osmmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.osmuxmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.outlookmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.exe (copy)
Category:	dropped
Dump:	C2RManifest.wordmui.msi.16.en-us.xml.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.exe (copy)
Category:	dropped
Dump:	behavior.xml.exe.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe (copy)
Category:	dropped
Dump:	behavior.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.exe (copy)
Category:	dropped
Dump:	resource.xml.tmp0.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations,2.6.100-alpha.exe (copy)
Category:	dropped
Dump:	netcore,MessagePack.Annotations,2.6.100-alpha.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Connections.Abstractions.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.Connections.Abstractions.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Client.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.Http.Connections.Client.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Common.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.Http.Connections.Common.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client,7.0.9.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client,7.0.9.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client.Core.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Abstractions.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Memory,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.DependencyInjection,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.DependencyInjection.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http.Polly,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Abstractions.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Debug,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives,7.0.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Primitives,7.0.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions,6.32.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Abstractions,6.32.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.JsonWebTokens.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging,6.32.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Logging,6.32.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens,6.32.0.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Tokens,6.32.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.BMessage.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Map.BMessage.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal,0.23051.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pal,0.23051.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap,0.23051.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pbap,0.23051.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles,0.23051.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Profiles,0.23051.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Profiles.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics,0.23051.1.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.Diagnostics,0.23051.1.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard,0.22092.18.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Internal.YourPhone.Vcard,0.22092.18.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications,7.1.2.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Toolkit.Uwp.Notifications,7.1.2.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging,1.0.8.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Windows.Apps.TraceLogging,1.0.8.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK,1.3.230724000.exe (copy)
Category:	dropped
Dump:	netcore,Microsoft.WindowsAppSDK,1.3.230724000.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.exe (copy)
Category:	dropped
Dump:	netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf,0.7.2012.2221.exe (copy)
Category:	dropped
Dump:	netcore,SpanNetty.Codecs.Protobuf,0.7.2012.2221.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt,6.32.0.exe (copy)
Category:	dropped
Dump:	netcore,System.IdentityModel.Tokens.Jwt,6.32.0.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions,19.2.51.exe (copy)
Category:	dropped
Dump:	netcore,TestableIO.System.IO.Abstractions,19.2.51.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.Wrappers.exe (copy)
Category:	dropped
Dump:	netcore,TestableIO.System.IO.Abstractions.Wrappers.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.ServicesClient,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol,0.23082.41.exe (copy)
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel.Protocol,0.23082.41.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.exe (copy)
Category:	dropped
Dump:	SystemIndex.1.Crwl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.exe (copy)
Category:	dropped
Dump:	SystemIndex.1.gthr.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.exe (copy)
Category:	dropped
Dump:	SystemIndex.2.Crwl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.exe (copy)
Category:	dropped
Dump:	SystemIndex.2.gthr.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.exe (copy)
Category:	dropped
Dump:	SystemIndex.3.Crwl.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.exe (copy)
Category:	dropped
Dump:	SystemIndex.3.gthr.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.exe (copy)
Category:	dropped
Dump:	CiPT0000.000.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.exe (copy)
Category:	dropped
Dump:	CiPT0000.001.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.exe (copy)
Category:	dropped
Dump:	CiPT0000.002.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.exe (copy)
Category:	dropped
Dump:	CiST0000.000.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.exe (copy)
Category:	dropped
Dump:	CiST0000.001.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.exe (copy)
Category:	dropped
Dump:	CiST0000.002.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftInternetExplorer2013Backup.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win32.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.exe (copy)
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win64.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.exe (copy)
Category:	dropped
Dump:	154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.exe (copy)
Category:	dropped
Dump:	2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.exe (copy)
Category:	dropped
Dump:	3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe (copy)
Category:	dropped
Dump:	Policy.vpol_.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.exe (copy)
Category:	dropped
Dump:	02305155-8ac1-1189-ff55-b7119a53887c.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe (copy)
Category:	dropped
Dump:	03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe (copy)
Category:	dropped
Dump:	0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe (copy)
Category:	dropped
Dump:	0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe (copy)
Category:	dropped
Dump:	0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe (copy)
Category:	dropped
Dump:	13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe (copy)
Category:	dropped
Dump:	18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe (copy)
Category:	dropped
Dump:	1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe.tmp.0.dr
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\ProgramData\.curlrc.exe.tmp
Category:	dropped
Dump:	.curlrc.exe.tmp.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648996529126341
Encrypted:	false
Size:	132236
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\.curlrc.tmp
Category:	dropped
Dump:	.curlrc.tmp.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648903049074921
Encrypted:	false
Size:	66126
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.exe.tmp
Category:	dropped
Dump:	refcount.ini.exe.tmp.0.dr
ID:	dr_170
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649202840465909
Encrypted:	false
Size:	132270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.tmp
Category:	dropped
Dump:	refcount.ini.tmp.0.dr
ID:	dr_223
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649518899581309
Encrypted:	false
Size:	66160
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.exe.tmp
Category:	dropped
Dump:	OfficeIntegrator.ps1.exe.tmp.0.dr
ID:	dr_84
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.647516656644587
Encrypted:	false
Size:	142156
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.tmp
Category:	dropped
Dump:	OfficeIntegrator.ps1.tmp.0.dr
ID:	dr_43
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.620950547769958
Encrypted:	false
Size:	76046
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.exe.tmp
Category:	dropped
Dump:	DeploymentConfig.0.xml.exe.tmp.0.dr
ID:	dr_86
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.629005446610012
Encrypted:	false
Size:	136168
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.tmp
Category:	dropped
Dump:	DeploymentConfig.0.xml.tmp.0.dr
ID:	dr_44
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.60249158757244
Encrypted:	false
Size:	70058
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.exe.tmp
Category:	dropped
Dump:	DeploymentConfig.1.xml.exe.tmp.0.dr
ID:	dr_89
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.662099705458386
Encrypted:	false
Size:	134984
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.tmp
Category:	dropped
Dump:	DeploymentConfig.1.xml.tmp.0.dr
ID:	dr_45
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.658815319131534
Encrypted:	false
Size:	68874
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.exe.tmp
Category:	dropped
Dump:	DeploymentConfig.2.xml.exe.tmp.0.dr
ID:	dr_91
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.640074671308375
Encrypted:	false
Size:	134984
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.tmp
Category:	dropped
Dump:	DeploymentConfig.2.xml.tmp.0.dr
ID:	dr_46
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6258389569528955
Encrypted:	false
Size:	68874
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\VirtualRegistry.dat.tmp
Category:	dropped
Dump:	VirtualRegistry.dat.tmp.0.dr
ID:	dr_898
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	4.47844085746072
Encrypted:	false
Size:	7828030
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\en-us.16\s321033.hash.tmp
Category:	dropped
Dump:	s321033.hash.tmp.0.dr
ID:	dr_894
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6486988089977554
Encrypted:	false
Size:	66322
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\operations.db.tmp
Category:	dropped
Dump:	operations.db.tmp.0.dr
ID:	dr_896
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.823300379061847
Encrypted:	false
Size:	11317822
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\i320.c2rx.hash.tmp
Category:	dropped
Dump:	i320.c2rx.hash.tmp.0.dr
ID:	dr_900
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64362827557947
Encrypted:	false
Size:	66378
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\ProductReleases\C773B593-9C79-47E6-BF01-073C12072B16\x-none.16\s320.hash.tmp
Category:	dropped
Dump:	s320.hash.tmp.0.dr
ID:	dr_902
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.654515050054101
Encrypted:	false
Size:	66322
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.tmp
Category:	dropped
Dump:	AirSpace.Etw.man.tmp.0.dr
ID:	dr_532
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.303609876765338
Encrypted:	false
Size:	498099
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.accessmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_904
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.844675269919287
Encrypted:	false
Size:	125146
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.dcfmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_906
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.539454740316811
Encrypted:	false
Size:	75924
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.excelmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_908
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.164729224066536
Encrypted:	false
Size:	104080
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.lyncmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_667
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.398159781655303
Encrypted:	false
Size:	88168
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.office64mui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_689
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.526064624714902
Encrypted:	false
Size:	77528
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.tmp
Category:	dropped
Dump:	C2RManifest.office64ww.msi.16.x-none.xml.tmp.0.dr
ID:	dr_687
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	4.684636504035972
Encrypted:	false
Size:	350220
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.officemui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_685
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.313598480060688
Encrypted:	false
Size:	200074
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.onenotemui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_684
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.467004776144712
Encrypted:	false
Size:	84520
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.osmmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_683
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6561343879462935
Encrypted:	false
Size:	70194
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.osmuxmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_682
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.589051095223604
Encrypted:	false
Size:	75830
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.outlookmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_681
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.391686248366258
Encrypted:	false
Size:	179196
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.tmp
Category:	dropped
Dump:	C2RManifest.wordmui.msi.16.en-us.xml.tmp.0.dr
ID:	dr_680
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.620055794775649
Encrypted:	false
Size:	148042
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.tmp
Category:	dropped
Dump:	integrator.exe.tmp.0.dr
ID:	dr_535
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.598505569875818
Encrypted:	false
Size:	4498214
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.tmp
Category:	dropped
Dump:	msoutilstat.etw.man.tmp.0.dr
ID:	dr_538
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.057237423681167
Encrypted:	false
Size:	179847
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.tmp
Category:	dropped
Dump:	wordEtw.man.tmp.0.dr
ID:	dr_541
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.5196776705913395
Encrypted:	false
Size:	1198400
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.tmp
Category:	dropped
Dump:	background.png.tmp.0.dr
ID:	dr_544
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.774333177438935
Encrypted:	false
Size:	195855
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.exe.tmp
Category:	dropped
Dump:	behavior.xml.exe.tmp0.0.dr
ID:	dr_698
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.668210038042208
Encrypted:	false
Size:	138046
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tmp
Category:	dropped
Dump:	behavior.xml.tmp.0.dr
ID:	dr_547
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.678519854941809
Encrypted:	false
Size:	71936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.tmp
Category:	dropped
Dump:	device.png.tmp.0.dr
ID:	dr_550
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.434532572551452
Encrypted:	false
Size:	110598
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tmp
Category:	dropped
Dump:	overlay.png.tmp.0.dr
ID:	dr_553
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.264687618456808
Encrypted:	false
Size:	94975
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.tmp
Category:	dropped
Dump:	superbar.png.tmp.0.dr
ID:	dr_555
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.392509826721632
Encrypted:	false
Size:	105489
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tmp
Category:	dropped
Dump:	background.png.tmp0.0.dr
ID:	dr_559
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.77711016614984
Encrypted:	false
Size:	195855
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.exe.tmp
Category:	dropped
Dump:	behavior.xml.exe.tmp.0.dr
ID:	dr_679
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.662402131513682
Encrypted:	false
Size:	135706
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tmp
Category:	dropped
Dump:	behavior.xml.tmp0.0.dr
ID:	dr_562
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.672058682467036
Encrypted:	false
Size:	69596
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.tmp
Category:	dropped
Dump:	watermark.png.tmp.0.dr
ID:	dr_566
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.26977957444002
Encrypted:	false
Size:	94975
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\resource.xml.tmp
Category:	modified
Dump:	resource.xml.tmp0.0.dr
ID:	dr_678
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659836074578838
Encrypted:	false
Size:	68808
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tmp
Category:	dropped
Dump:	folder.ico.tmp.0.dr
ID:	dr_569
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.094929050203935
Encrypted:	false
Size:	119521
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tmp
Category:	dropped
Dump:	netfol.ico.tmp.0.dr
ID:	dr_572
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.692870353997069
Encrypted:	false
Size:	95532
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.tmp
Category:	dropped
Dump:	pictures.ico.tmp.0.dr
ID:	dr_575
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.350956511973674
Encrypted:	false
Size:	149670
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tmp
Category:	dropped
Dump:	resource.xml.tmp.0.dr
ID:	dr_578
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656848235559841
Encrypted:	false
Size:	68778
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tmp
Category:	dropped
Dump:	ringtones.ico.tmp.0.dr
ID:	dr_581
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6372315573185015
Encrypted:	false
Size:	117991
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.tmp
Category:	dropped
Dump:	settings.ico.tmp.0.dr
ID:	dr_584
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.1895813230025425
Encrypted:	false
Size:	133774
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tmp
Category:	dropped
Dump:	sync.ico.tmp.0.dr
ID:	dr_586
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64242550287829
Encrypted:	false
Size:	115337
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tmp
Category:	dropped
Dump:	tasks.xml.tmp.0.dr
ID:	dr_588
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.612613160291056
Encrypted:	false
Size:	77117
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.tmp
Category:	dropped
Dump:	wmp.ico.tmp.0.dr
ID:	dr_590
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.9526261523024235
Encrypted:	false
Size:	179250
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tmp
Category:	dropped
Dump:	folder.ico.tmp0.0.dr
ID:	dr_592
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.084458736301329
Encrypted:	false
Size:	119521
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.tmp
Category:	dropped
Dump:	print_pref.ico.tmp.0.dr
ID:	dr_594
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.023220413497185
Encrypted:	false
Size:	124422
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.tmp
Category:	dropped
Dump:	print_queue.ico.tmp.0.dr
ID:	dr_596
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.968524584712617
Encrypted:	false
Size:	123443
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.tmp
Category:	dropped
Dump:	scan_.ico.tmp.0.dr
ID:	dr_598
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.825075459414083
Encrypted:	false
Size:	126643
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.tmp
Category:	dropped
Dump:	tasks.xml.tmp0.0.dr
ID:	dr_600
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6134945365889255
Encrypted:	false
Size:	77474
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tmp
Category:	dropped
Dump:	TELEMETRY.ASM-WINDOWSSQ.json.tmp.0.dr
ID:	dr_606
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65170031885471
Encrypted:	false
Size:	66216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.tmp
Category:	dropped
Dump:	telemetry.ASM-WindowsDefault.json.bk.tmp.0.dr
ID:	dr_604
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.986977216574149
Encrypted:	false
Size:	217183
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.tmp
Category:	dropped
Dump:	telemetry.ASM-WindowsDefault.json.tmp.0.dr
ID:	dr_602
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.982362205929497
Encrypted:	false
Size:	217183
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.tmp
Category:	dropped
Dump:	telemetry.P-Eco3PTelDefault.json.tmp.0.dr
ID:	dr_609
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650198036331205
Encrypted:	false
Size:	66224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.tmp
Category:	dropped
Dump:	utc.allow.json.tmp.0.dr
ID:	dr_93
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.15270290803383
Encrypted:	false
Size:	2006084
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tmp
Category:	dropped
Dump:	utc.app.json.bk.tmp.0.dr
ID:	dr_97
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.362701666515058
Encrypted:	false
Size:	178042
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.tmp
Category:	dropped
Dump:	utc.app.json.tmp.0.dr
ID:	dr_95
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.355165162311758
Encrypted:	false
Size:	178159
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.exe.tmp
Category:	dropped
Dump:	utc.cert.json.exe.tmp.0.dr
ID:	dr_611
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.680663196953796
Encrypted:	false
Size:	137666
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tmp
Category:	dropped
Dump:	utc.cert.json.tmp.0.dr
ID:	dr_99
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.704806164341423
Encrypted:	false
Size:	71556
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.tmp
Category:	dropped
Dump:	utc.privacy.json.tmp.0.dr
ID:	dr_100
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.053203652768116
Encrypted:	false
Size:	2215054
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.exe.tmp
Category:	dropped
Dump:	utc.tracing.json.bk.exe.tmp.0.dr
ID:	dr_613
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649632121957463
Encrypted:	false
Size:	132276
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.tmp
Category:	dropped
Dump:	utc.tracing.json.bk.tmp.0.dr
ID:	dr_104
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650046270209301
Encrypted:	false
Size:	66166
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.exe.tmp
Category:	dropped
Dump:	utc.tracing.json.exe.tmp.0.dr
ID:	dr_615
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6494721605646685
Encrypted:	false
Size:	132302
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.tmp
Category:	dropped
Dump:	utc.tracing.json.tmp.0.dr
ID:	dr_102
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649747956066053
Encrypted:	false
Size:	66192
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.tmp
Category:	dropped
Dump:	Diagtrack-Listener.etl.tmp.0.dr
ID:	dr_106
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	2.9682229544065577
Encrypted:	false
Size:	1049150
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\EventStore.db.tmp
Category:	dropped
Dump:	EventStore.db.tmp.0.dr
ID:	dr_47
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.313661993658003
Encrypted:	false
Size:	184894
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.tmp
Category:	dropped
Dump:	EventStore.db.tmp0.0.dr
ID:	dr_108
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.4588110750132035
Encrypted:	false
Size:	98878
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.tmp
Category:	dropped
Dump:	EventStore.db.tmp1.0.dr
ID:	dr_110
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.260253042202296
Encrypted:	false
Size:	94782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\osver.txt.exe.tmp
Category:	dropped
Dump:	osver.txt.exe.tmp.0.dr
ID:	dr_48
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650083918858621
Encrypted:	false
Size:	132240
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Diagnosis\osver.txt.tmp
Category:	dropped
Dump:	osver.txt.tmp.0.dr
ID:	dr_12
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650216122051465
Encrypted:	false
Size:	66130
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Diagnosis\parse.dat.tmp
Category:	dropped
Dump:	parse.dat.tmp.0.dr
ID:	dr_13
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649873718861166
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.tmp
Category:	dropped
Dump:	MicrosoftEdgeUpdate.log.tmp.0.dr
ID:	dr_49
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	4.497876335559835
Encrypted:	false
Size:	527052
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.tmp
Category:	dropped
Dump:	wlidsvcconfig.xml.tmp.0.dr
ID:	dr_50
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6884048225639825
Encrypted:	false
Size:	79085
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.tmp
Category:	dropped
Dump:	wlidsvcconfig.xml.tmp0.0.dr
ID:	dr_112
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.68275600009784
Encrypted:	false
Size:	80351
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\MF\Active.GRL.tmp
Category:	dropped
Dump:	Active.GRL.tmp.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.576255224854598
Encrypted:	false
Size:	81082
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\MF\Pending.GRL.tmp
Category:	dropped
Dump:	Pending.GRL.tmp.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.515358955566189
Encrypted:	false
Size:	81082
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures,0.2.0.tmp
Category:	dropped
Dump:	netcore,ConcurrentDataStructures,0.2.0.tmp.0.dr
ID:	dr_619
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649612146101586
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,ConcurrentDataStructures.tmp
Category:	dropped
Dump:	netcore,ConcurrentDataStructures.tmp.0.dr
ID:	dr_617
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649558412597111
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf,3.23.4.tmp
Category:	dropped
Dump:	netcore,Google.Protobuf,3.23.4.tmp.0.dr
ID:	dr_621
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649453295340024
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Google.Protobuf.tmp
Category:	dropped
Dump:	netcore,Google.Protobuf.tmp.0.dr
ID:	dr_114
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649427409924442
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack,1.11.46.tmp
Category:	dropped
Dump:	netcore,HtmlAgilityPack,1.11.46.tmp.0.dr
ID:	dr_623
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649640879897453
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,HtmlAgilityPack.tmp
Category:	dropped
Dump:	netcore,HtmlAgilityPack.tmp.0.dr
ID:	dr_116
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649492107704876
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack,2.6.100-alpha.tmp
Category:	dropped
Dump:	netcore,MessagePack,2.6.100-alpha.tmp.0.dr
ID:	dr_625
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649533218437877
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations,2.6.100-alpha.tmp
Category:	dropped
Dump:	netcore,MessagePack.Annotations,2.6.100-alpha.tmp.0.dr
ID:	dr_956
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649823752936716
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.Annotations.tmp
Category:	dropped
Dump:	netcore,MessagePack.Annotations.tmp.0.dr
ID:	dr_627
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649458495890692
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,MessagePack.tmp
Category:	dropped
Dump:	netcore,MessagePack.tmp.0.dr
ID:	dr_118
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6496156033789795
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Connections.Abstractions.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.Connections.Abstractions.tmp.0.dr
ID:	dr_955
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649855267540977
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Client.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.Http.Connections.Client.tmp.0.dr
ID:	dr_954
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649803547634732
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.Http.Connections.Common.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.Http.Connections.Common.tmp.0.dr
ID:	dr_953
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6498365887023025
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client,7.0.9.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client,7.0.9.tmp.0.dr
ID:	dr_967
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649760877873053
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client.Core,7.0.9.tmp.0.dr
ID:	dr_965
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649839515875249
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.Core.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client.Core.tmp.0.dr
ID:	dr_966
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649774603848567
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Client.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Client.tmp.0.dr
ID:	dr_628
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649658364296075
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Common,7.0.9.tmp.0.dr
ID:	dr_964
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649796623955695
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Common.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Common.tmp.0.dr
ID:	dr_629
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649786776733519
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.tmp
Category:	dropped
Dump:	netcore,Microsoft.AspNetCore.SignalR.Protocols.Json.tmp.0.dr
ID:	dr_963
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649790964630606
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core,7.0.5.tmp
Category:	dropped
Dump:	netcore,Microsoft.Data.Sqlite.Core,7.0.5.tmp.0.dr
ID:	dr_631
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649499598197197
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Data.Sqlite.Core.tmp
Category:	dropped
Dump:	netcore,Microsoft.Data.Sqlite.Core.tmp.0.dr
ID:	dr_630
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649679859659069
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Abstractions,7.0.0.tmp.0.dr
ID:	dr_961
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649793606672413
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Abstractions.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Abstractions.tmp.0.dr
ID:	dr_962
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64986806748126
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Memory,7.0.0.tmp.0.dr
ID:	dr_960
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649752042044824
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Caching.Memory.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Caching.Memory.tmp.0.dr
ID:	dr_632
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649838923488614
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.DependencyInjection,7.0.0.tmp.0.dr
ID:	dr_958
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649903685505072
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.DependencyInjection.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.DependencyInjection.tmp.0.dr
ID:	dr_959
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649933144483855
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features,7.0.9.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Features,7.0.9.tmp.0.dr
ID:	dr_634
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649784839807321
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Features.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Features.tmp.0.dr
ID:	dr_633
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649898381234515
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http,7.0.0.tmp.0.dr
ID:	dr_636
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649553431767187
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http.Polly,7.0.0.tmp.0.dr
ID:	dr_957
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649660913556116
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.Polly.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http.Polly.tmp.0.dr
ID:	dr_637
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649630815924439
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Http.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Http.tmp.0.dr
ID:	dr_635
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649607261326529
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging,7.0.0.tmp.0.dr
ID:	dr_645
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649594004109687
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Abstractions,7.0.1.tmp.0.dr
ID:	dr_977
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649824270754004
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Abstractions.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Abstractions.tmp.0.dr
ID:	dr_978
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649785262993057
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Debug,7.0.0.tmp.0.dr
ID:	dr_976
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649689103437559
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.Debug.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.Debug.tmp.0.dr
ID:	dr_646
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649651202595581
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Logging.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Logging.tmp.0.dr
ID:	dr_644
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649698127201333
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options,7.0.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Options,7.0.1.tmp.0.dr
ID:	dr_648
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64956963939892
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Options.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Options.tmp.0.dr
ID:	dr_647
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649727231564208
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives,7.0.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Primitives,7.0.0.tmp.0.dr
ID:	dr_975
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649627043458242
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Extensions.Primitives.tmp
Category:	dropped
Dump:	netcore,Microsoft.Extensions.Primitives.tmp.0.dr
ID:	dr_649
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649540717054592
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D,1.0.5.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Graphics.Win2D,1.0.5.1.tmp.0.dr
ID:	dr_651
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649355856031088
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Graphics.Win2D.tmp
Category:	dropped
Dump:	netcore,Microsoft.Graphics.Win2D.tmp.0.dr
ID:	dr_650
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649542254822065
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions,6.32.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Abstractions,6.32.0.tmp.0.dr
ID:	dr_974
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6499556212867095
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Abstractions.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Abstractions.tmp.0.dr
ID:	dr_652
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649682660595846
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.JsonWebTokens,6.32.0.tmp.0.dr
ID:	dr_972
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649957236104249
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.JsonWebTokens.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.JsonWebTokens.tmp.0.dr
ID:	dr_973
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649788399350189
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging,6.32.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Logging,6.32.0.tmp.0.dr
ID:	dr_971
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649712891070812
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Logging.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Logging.tmp.0.dr
ID:	dr_653
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649691602495879
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens,6.32.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Tokens,6.32.0.tmp.0.dr
ID:	dr_970
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6496557627665664
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.IdentityModel.Tokens.tmp
Category:	dropped
Dump:	netcore,Microsoft.IdentityModel.Tokens.tmp.0.dr
ID:	dr_336
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649621929262067
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Map,0.23051.1.tmp.0.dr
ID:	dr_969
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649781842910383
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.BMessage.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Map.BMessage.tmp.0.dr
ID:	dr_968
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649805457865528
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Map.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Map.tmp.0.dr
ID:	dr_339
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649557777564428
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal,0.23051.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pal,0.23051.1.tmp.0.dr
ID:	dr_989
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6497392246143185
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pal.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pal.tmp.0.dr
ID:	dr_342
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649520070165693
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap,0.23051.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pbap,0.23051.1.tmp.0.dr
ID:	dr_988
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6496455524095675
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Pbap.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Pbap.tmp.0.dr
ID:	dr_345
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64939231524518
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles,0.23051.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Profiles,0.23051.1.tmp.0.dr
ID:	dr_986
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649698814095937
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Bluetooth.Profiles.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Bluetooth.Profiles.tmp.0.dr
ID:	dr_987
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649617255508461
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics,0.23051.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Diagnostics,0.23051.1.tmp.0.dr
ID:	dr_985
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649762551406006
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Diagnostics.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Diagnostics.tmp.0.dr
ID:	dr_348
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649617695101431
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex,0.23051.1.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Obex,0.23051.1.tmp.0.dr
ID:	dr_354
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649581280662127
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.Obex.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.Obex.tmp.0.dr
ID:	dr_351
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649678222204835
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.YourPhone.LibNanoApi.Managed.tmp.0.dr
ID:	dr_984
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649722341051577
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard,0.22092.18.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.YourPhone.Vcard,0.22092.18.tmp.0.dr
ID:	dr_983
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649678337099899
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Internal.YourPhone.Vcard.tmp
Category:	dropped
Dump:	netcore,Microsoft.Internal.YourPhone.Vcard.tmp.0.dr
ID:	dr_357
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649692418043136
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools,17.4.0.tmp
Category:	dropped
Dump:	netcore,Microsoft.NET.StringTools,17.4.0.tmp.0.dr
ID:	dr_362
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649606938078165
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.NET.StringTools.tmp
Category:	dropped
Dump:	netcore,Microsoft.NET.StringTools.tmp.0.dr
ID:	dr_360
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649529129749172
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp
Category:	dropped
Dump:	netcore,Microsoft.Rest.ClientRuntime,2.3.24.tmp.0.dr
ID:	dr_369
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649717823324289
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Rest.ClientRuntime.tmp
Category:	dropped
Dump:	netcore,Microsoft.Rest.ClientRuntime.tmp.0.dr
ID:	dr_366
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649552590957575
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications,7.1.2.tmp
Category:	dropped
Dump:	netcore,Microsoft.Toolkit.Uwp.Notifications,7.1.2.tmp.0.dr
ID:	dr_982
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649663257694057
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Toolkit.Uwp.Notifications.tmp
Category:	dropped
Dump:	netcore,Microsoft.Toolkit.Uwp.Notifications.tmp.0.dr
ID:	dr_372
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64957864001274
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging,1.0.8.tmp
Category:	dropped
Dump:	netcore,Microsoft.Windows.Apps.TraceLogging,1.0.8.tmp.0.dr
ID:	dr_981
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649680752612309
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.Apps.TraceLogging.tmp
Category:	dropped
Dump:	netcore,Microsoft.Windows.Apps.TraceLogging.tmp.0.dr
ID:	dr_375
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649652524422048
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.tmp
Category:	dropped
Dump:	netcore,Microsoft.Windows.AugLoop.Core,0.0.230717008.tmp.0.dr
ID:	dr_980
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649704911049867
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Windows.AugLoop.Core.tmp
Category:	dropped
Dump:	netcore,Microsoft.Windows.AugLoop.Core.tmp.0.dr
ID:	dr_378
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649603011180354
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK,1.3.230724000.tmp
Category:	dropped
Dump:	netcore,Microsoft.WindowsAppSDK,1.3.230724000.tmp.0.dr
ID:	dr_979
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649877688656579
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.WindowsAppSDK.tmp
Category:	dropped
Dump:	netcore,Microsoft.WindowsAppSDK.tmp.0.dr
ID:	dr_381
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6496678668087466
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp
Category:	dropped
Dump:	netcore,Microsoft.Xaml.Behaviors.Wpf,1.1.39.tmp.0.dr
ID:	dr_387
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64967333868881
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Microsoft.Xaml.Behaviors.Wpf.tmp
Category:	dropped
Dump:	netcore,Microsoft.Xaml.Behaviors.Wpf.tmp.0.dr
ID:	dr_384
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649652433324579
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json,10.0.3.tmp
Category:	dropped
Dump:	netcore,Newtonsoft.Json,10.0.3.tmp.0.dr
ID:	dr_390
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649495016451637
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Newtonsoft.Json.tmp
Category:	dropped
Dump:	netcore,Newtonsoft.Json.tmp.0.dr
ID:	dr_120
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64959126063176
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly,7.2.4.tmp
Category:	dropped
Dump:	netcore,Polly,7.2.4.tmp.0.dr
ID:	dr_124
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649342931472113
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http,3.0.0.tmp
Category:	dropped
Dump:	netcore,Polly.Extensions.Http,3.0.0.tmp.0.dr
ID:	dr_396
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649439451023271
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.Extensions.Http.tmp
Category:	dropped
Dump:	netcore,Polly.Extensions.Http.tmp.0.dr
ID:	dr_392
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6495209744218435
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Polly.tmp
Category:	dropped
Dump:	netcore,Polly.tmp.0.dr
ID:	dr_122
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649454267123455
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.bundle_e_sqlite3,2.1.4.tmp.0.dr
ID:	dr_417
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649776700626078
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.bundle_e_sqlite3.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.bundle_e_sqlite3.tmp.0.dr
ID:	dr_414
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649768442712223
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core,2.1.4.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.core,2.1.4.tmp.0.dr
ID:	dr_420
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649767014891764
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.core.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.core.tmp.0.dr
ID:	dr_134
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649401587467554
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.lib.e_sqlite3,2.1.4.tmp.0.dr
ID:	dr_426
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649626410190684
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.lib.e_sqlite3.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.lib.e_sqlite3.tmp.0.dr
ID:	dr_422
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649759600779665
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.provider.e_sqlite3,2.1.4.tmp.0.dr
ID:	dr_999
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649754228188615
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SQLitePCLRaw.provider.e_sqlite3.tmp
Category:	dropped
Dump:	netcore,SQLitePCLRaw.provider.e_sqlite3.tmp.0.dr
ID:	dr_429
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649637262846652
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers,0.7.2012.2221.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Buffers,0.7.2012.2221.tmp.0.dr
ID:	dr_399
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649503560839586
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Buffers.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Buffers.tmp.0.dr
ID:	dr_126
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649369749235044
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs,0.7.2012.2221.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Codecs,0.7.2012.2221.tmp.0.dr
ID:	dr_402
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649343480232495
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf,0.7.2012.2221.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Codecs.Protobuf,0.7.2012.2221.tmp.0.dr
ID:	dr_1000
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6495684836841775
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.Protobuf.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Codecs.Protobuf.tmp.0.dr
ID:	dr_405
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649448317007577
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Codecs.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Codecs.tmp.0.dr
ID:	dr_128
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64933246802702
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common,0.7.2012.2221.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Common,0.7.2012.2221.tmp.0.dr
ID:	dr_408
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649651162185061
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Common.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Common.tmp.0.dr
ID:	dr_130
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649365324754701
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport,0.7.2012.2221.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Transport,0.7.2012.2221.tmp.0.dr
ID:	dr_411
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6495675750174525
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,SpanNetty.Transport.tmp
Category:	dropped
Dump:	netcore,SpanNetty.Transport.tmp.0.dr
ID:	dr_132
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649341197414976
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless,5.13.0.tmp
Category:	dropped
Dump:	netcore,Stateless,5.13.0.tmp.0.dr
ID:	dr_138
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649315876500857
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Stateless.tmp
Category:	dropped
Dump:	netcore,Stateless.tmp.0.dr
ID:	dr_136
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649436826329778
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions,19.2.51.tmp
Category:	dropped
Dump:	netcore,System.IO.Abstractions,19.2.51.tmp.0.dr
ID:	dr_438
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649429910400198
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Abstractions.tmp
Category:	dropped
Dump:	netcore,System.IO.Abstractions.tmp.0.dr
ID:	dr_435
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649583727429705
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines,7.0.0.tmp
Category:	dropped
Dump:	netcore,System.IO.Pipelines,7.0.0.tmp.0.dr
ID:	dr_441
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64929626908956
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IO.Pipelines.tmp
Category:	dropped
Dump:	netcore,System.IO.Pipelines.tmp.0.dr
ID:	dr_140
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649365028781177
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt,6.32.0.tmp
Category:	dropped
Dump:	netcore,System.IdentityModel.Tokens.Jwt,6.32.0.tmp.0.dr
ID:	dr_998
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649639728212237
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.IdentityModel.Tokens.Jwt.tmp
Category:	dropped
Dump:	netcore,System.IdentityModel.Tokens.Jwt.tmp.0.dr
ID:	dr_432
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649554396429527
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management,7.0.1.tmp
Category:	dropped
Dump:	netcore,System.Management,7.0.1.tmp.0.dr
ID:	dr_444
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649288244754678
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,System.Management.tmp
Category:	dropped
Dump:	netcore,System.Management.tmp.0.dr
ID:	dr_142
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649430067255073
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions,19.2.51.tmp
Category:	dropped
Dump:	netcore,TestableIO.System.IO.Abstractions,19.2.51.tmp.0.dr
ID:	dr_997
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649645501532149
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.Wrappers.tmp
Category:	dropped
Dump:	netcore,TestableIO.System.IO.Abstractions.Wrappers.tmp.0.dr
ID:	dr_996
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649627263530088
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,TestableIO.System.IO.Abstractions.tmp
Category:	dropped
Dump:	netcore,TestableIO.System.IO.Abstractions.tmp.0.dr
ID:	dr_447
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649486956890812
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP,0.23082.41.tmp.0.dr
ID:	dr_450
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649519101528346
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.Auth,0.23082.41.tmp.0.dr
ID:	dr_452
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649520890126112
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Auth.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.Auth.tmp.0.dr
ID:	dr_146
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649372234657365
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.Common,0.23082.41.tmp.0.dr
ID:	dr_459
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649500416012574
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Common.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.Common.tmp.0.dr
ID:	dr_456
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649519361688986
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.Onboarding,0.23082.41.tmp.0.dr
ID:	dr_465
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649541333086633
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.Onboarding.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.Onboarding.tmp.0.dr
ID:	dr_462
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649477356887472
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.PhoneLink,0.23082.41.tmp.0.dr
ID:	dr_471
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649429061151697
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PhoneLink.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.PhoneLink.tmp.0.dr
ID:	dr_468
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6495301887520055
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk,0.23082.41.tmp.0.dr
ID:	dr_477
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649534978643855
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk.Protocol,0.23082.41.tmp.0.dr
ID:	dr_995
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649654248557722
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk.Protocol.tmp.0.dr
ID:	dr_480
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649472838459058
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.PlatformSdk.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.PlatformSdk.tmp.0.dr
ID:	dr_474
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649427453809224
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.ServicesClient,0.23082.41.tmp.0.dr
ID:	dr_994
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649806936204701
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.ServicesClient.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.ServicesClient.tmp.0.dr
ID:	dr_483
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649567594619223
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel,0.23082.41.tmp.0.dr
ID:	dr_492
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649791331996082
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol,0.23082.41.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel.Protocol,0.23082.41.tmp.0.dr
ID:	dr_993
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649759205359465
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.Protocol.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel.Protocol.tmp.0.dr
ID:	dr_496
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649700334021571
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.SideChannel.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.SideChannel.tmp.0.dr
ID:	dr_488
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6497364176745855
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,YourPhone.YPP.tmp
Category:	dropped
Dump:	netcore,YourPhone.YPP.tmp.0.dr
ID:	dr_144
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649453495438223
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edb.chk.tmp
Category:	dropped
Dump:	edb.chk.tmp0.0.dr
ID:	dr_638
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.42112675593706
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edb.log.tmp
Category:	dropped
Dump:	edb.log.tmp0.0.dr
ID:	dr_639
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648812801622042
Encrypted:	false
Size:	66102
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.tmp
Category:	dropped
Dump:	edb00001.log.tmp.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	1.9184574306762165
Encrypted:	false
Size:	1376830
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.tmp
Category:	dropped
Dump:	edbres00001.jrs.tmp1.0.dr
ID:	dr_640
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.5489217397993839
Encrypted:	false
Size:	1376830
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tmp
Category:	dropped
Dump:	edbres00002.jrs.tmp1.0.dr
ID:	dr_641
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.5964091998110805
Encrypted:	false
Size:	1376830
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.tmp
Category:	dropped
Dump:	edbtmp.log.tmp0.0.dr
ID:	dr_642
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648833660711456
Encrypted:	false
Size:	66102
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.tmp
Category:	dropped
Dump:	qmgr.db.tmp0.0.dr
ID:	dr_643
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648824282528002
Encrypted:	false
Size:	66102
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tmp
Category:	dropped
Dump:	qmgr.jfm.tmp0.0.dr
ID:	dr_654
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6487742981933735
Encrypted:	false
Size:	66102
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker.tmp
Category:	modified
Dump:	ClickToRunPackageLocker.tmp.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64890068667928
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl.tmp
Category:	dropped
Dump:	SystemIndex.1.Crwl.tmp.0.dr
ID:	dr_992
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649434943232088
Encrypted:	false
Size:	69998
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr.tmp
Category:	dropped
Dump:	SystemIndex.1.gthr.tmp.0.dr
ID:	dr_991
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.293017448494291
Encrypted:	false
Size:	92264
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl.tmp
Category:	dropped
Dump:	SystemIndex.2.Crwl.tmp.0.dr
ID:	dr_990
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659144209703461
Encrypted:	false
Size:	66530
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr.tmp
Category:	dropped
Dump:	SystemIndex.2.gthr.tmp.0.dr
ID:	dr_1011
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.602900533844135
Encrypted:	false
Size:	70922
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl.tmp
Category:	dropped
Dump:	SystemIndex.3.Crwl.tmp.0.dr
ID:	dr_1010
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.667610833570893
Encrypted:	false
Size:	68302
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr.tmp
Category:	dropped
Dump:	SystemIndex.3.gthr.tmp.0.dr
ID:	dr_1009
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4607884225026515
Encrypted:	false
Size:	83296
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000.tmp
Category:	dropped
Dump:	CiPT0000.000.tmp.0.dr
ID:	dr_1008
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660846126695869
Encrypted:	false
Size:	66590
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001.tmp
Category:	dropped
Dump:	CiPT0000.001.tmp.0.dr
ID:	dr_1007
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.383286290928145
Encrypted:	false
Size:	131646
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002.tmp
Category:	dropped
Dump:	CiPT0000.002.tmp.0.dr
ID:	dr_1006
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.16029715329668
Encrypted:	false
Size:	131646
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000.tmp
Category:	dropped
Dump:	CiST0000.000.tmp.0.dr
ID:	dr_1005
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.646166361107121
Encrypted:	false
Size:	66590
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001.tmp
Category:	dropped
Dump:	CiST0000.001.tmp.0.dr
ID:	dr_1004
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.651489030098117
Encrypted:	false
Size:	262718
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002.tmp
Category:	dropped
Dump:	CiST0000.002.tmp.0.dr
ID:	dr_1003
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.6447578486434145
Encrypted:	false
Size:	262718
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb.tmp
Category:	dropped
Dump:	Windows.edb.tmp.0.dr
ID:	dr_166
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	2.074960571132764
Encrypted:	false
Size:	16843326
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.jfm.tmp
Category:	dropped
Dump:	Windows.jfm.tmp.0.dr
ID:	dr_172
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.8033832948965
Encrypted:	false
Size:	82494
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp.tmp
Category:	dropped
Dump:	edb.jcp.tmp.0.dr
ID:	dr_148
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.228265836921722
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jtx.tmp
Category:	dropped
Dump:	edb.jtx.tmp.0.dr
ID:	dr_150
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.9522897012520455
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00012.jtx.tmp
Category:	dropped
Dump:	edb00012.jtx.tmp.0.dr
ID:	dr_152
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.178995026651389
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00013.jtx.tmp
Category:	dropped
Dump:	edb00013.jtx.tmp.0.dr
ID:	dr_154
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	3.9768320227681055
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00014.jtx.tmp
Category:	dropped
Dump:	edb00014.jtx.tmp.0.dr
ID:	dr_156
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.779774209672562
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00001.jrs.tmp
Category:	dropped
Dump:	edbres00001.jrs.tmp0.0.dr
ID:	dr_158
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.7003597275023892
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs.tmp
Category:	dropped
Dump:	edbres00002.jrs.tmp0.0.dr
ID:	dr_160
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	0.7151424543293958
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.jtx.tmp
Category:	dropped
Dump:	edbtmp.jtx.tmp.0.dr
ID:	dr_162
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	3.8553660412186397
Encrypted:	false
Size:	1114686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.tmp
Category:	dropped
Dump:	tmp.edb.tmp.0.dr
ID:	dr_164
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	2.71389931380689
Encrypted:	false
Size:	229950
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.tmp
Category:	dropped
Dump:	SmsInterceptStore.db.tmp.0.dr
ID:	dr_174
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	3.047880366370548
Encrypted:	false
Size:	262718
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.tmp
Category:	dropped
Dump:	SmsInterceptStore.jfm.tmp.0.dr
ID:	dr_175
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.992894244794586
Encrypted:	false
Size:	82494
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml.tmp
Category:	dropped
Dump:	DesktopSettings2013.xml.tmp.0.dr
ID:	dr_176
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6393716037892805
Encrypted:	false
Size:	84399
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml.tmp
Category:	dropped
Dump:	EaseOfAccessSettings2013.xml.tmp.0.dr
ID:	dr_177
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.673333800197276
Encrypted:	false
Size:	72059
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftInternetExplorer2013.xml.exe.tmp.0.dr
ID:	dr_501
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.671002334300828
Encrypted:	false
Size:	138442
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml.tmp
Category:	dropped
Dump:	MicrosoftInternetExplorer2013.xml.tmp.0.dr
ID:	dr_178
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.672682655197151
Encrypted:	false
Size:	72332
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftInternetExplorer2013Backup.xml.exe.tmp.0.dr
ID:	dr_1002
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.664440009139474
Encrypted:	false
Size:	137298
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml.tmp
Category:	dropped
Dump:	MicrosoftInternetExplorer2013Backup.xml.tmp.0.dr
ID:	dr_505
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6680417903022935
Encrypted:	false
Size:	71188
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftLync2010.xml.exe.tmp.0.dr
ID:	dr_509
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660100008602461
Encrypted:	false
Size:	140156
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml.tmp
Category:	dropped
Dump:	MicrosoftLync2010.xml.tmp.0.dr
ID:	dr_179
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.655041033478753
Encrypted:	false
Size:	74046
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftLync2013Win32.xml.exe.tmp.0.dr
ID:	dr_513
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.664963467618453
Encrypted:	false
Size:	137950
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml.tmp
Category:	dropped
Dump:	MicrosoftLync2013Win32.xml.tmp.0.dr
ID:	dr_180
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6697698469905715
Encrypted:	false
Size:	71840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftLync2013Win64.xml.exe.tmp.0.dr
ID:	dr_517
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.670939996681216
Encrypted:	false
Size:	137950
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml.tmp
Category:	dropped
Dump:	MicrosoftLync2013Win64.xml.tmp.0.dr
ID:	dr_191
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.677855527909107
Encrypted:	false
Size:	71840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftNotepad.xml.exe.tmp.0.dr
ID:	dr_192
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6529848131282066
Encrypted:	false
Size:	134134
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2010Win32.xml.tmp.0.dr
ID:	dr_193
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.2038523000824455
Encrypted:	false
Size:	138895
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2010Win64.xml.tmp.0.dr
ID:	dr_194
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.192402605120822
Encrypted:	false
Size:	138895
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2013BackupWin32.xml.tmp.0.dr
ID:	dr_195
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.640636551918244
Encrypted:	false
Size:	79270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2013BackupWin64.xml.tmp.0.dr
ID:	dr_196
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648990322468523
Encrypted:	false
Size:	79270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2013Office365Win32.xml.tmp.0.dr
ID:	dr_197
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659735018698163
Encrypted:	false
Size:	76706
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2013Office365Win64.xml.tmp.0.dr
ID:	dr_198
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.654098777914974
Encrypted:	false
Size:	76706
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2013Win32.xml.tmp.0.dr
ID:	dr_199
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.219131497119208
Encrypted:	false
Size:	134477
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2013Win64.xml.tmp.0.dr
ID:	dr_200
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.238877820089027
Encrypted:	false
Size:	134477
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2016BackupWin32.xml.tmp.0.dr
ID:	dr_211
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6530555834675535
Encrypted:	false
Size:	79270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2016BackupWin64.xml.tmp.0.dr
ID:	dr_212
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.627289425196499
Encrypted:	false
Size:	79270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2016Win32.xml.tmp.0.dr
ID:	dr_213
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.227631132588206
Encrypted:	false
Size:	131841
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml.tmp
Category:	dropped
Dump:	MicrosoftOffice2016Win64.xml.tmp.0.dr
ID:	dr_214
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.219139571754428
Encrypted:	false
Size:	131844
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin32.xml.exe.tmp.0.dr
ID:	dr_521
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.655440350977341
Encrypted:	false
Size:	134792
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml.tmp
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin32.xml.tmp.0.dr
ID:	dr_215
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.658925273587087
Encrypted:	false
Size:	68682
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin64.xml.exe.tmp.0.dr
ID:	dr_524
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.655807565613059
Encrypted:	false
Size:	134792
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml.tmp
Category:	dropped
Dump:	MicrosoftOutlook2013CAWin64.xml.tmp.0.dr
ID:	dr_216
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659386113226261
Encrypted:	false
Size:	68682
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin32.xml.exe.tmp.0.dr
ID:	dr_527
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6547668961264055
Encrypted:	false
Size:	134798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml.tmp
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin32.xml.tmp.0.dr
ID:	dr_217
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.657540215083889
Encrypted:	false
Size:	68688
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin64.xml.exe.tmp.0.dr
ID:	dr_530
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659126440421646
Encrypted:	false
Size:	134798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml.tmp
Category:	dropped
Dump:	MicrosoftOutlook2016CAWin64.xml.tmp.0.dr
ID:	dr_218
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.664890768621295
Encrypted:	false
Size:	68688
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win32.xml.exe.tmp.0.dr
ID:	dr_1001
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6651020593781025
Encrypted:	false
Size:	138002
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml.tmp
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win32.xml.tmp.0.dr
ID:	dr_533
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.669835380197651
Encrypted:	false
Size:	71892
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win64.xml.exe.tmp.0.dr
ID:	dr_1022
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.665162641164764
Encrypted:	false
Size:	138002
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml.tmp
Category:	dropped
Dump:	MicrosoftSkypeForBusiness2016Win64.xml.tmp.0.dr
ID:	dr_536
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6699072417992
Encrypted:	false
Size:	71892
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml.exe.tmp
Category:	dropped
Dump:	MicrosoftWordpad.xml.exe.tmp.0.dr
ID:	dr_219
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.654004833799127
Encrypted:	false
Size:	134230
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml.exe.tmp
Category:	dropped
Dump:	NetworkPrinters.xml.exe.tmp.0.dr
ID:	dr_220
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.672847235435491
Encrypted:	false
Size:	136506
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.exe.tmp
Category:	dropped
Dump:	RoamingCredentialSettings.xml.exe.tmp.0.dr
ID:	dr_539
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.68279600118116
Encrypted:	false
Size:	139054
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml.tmp
Category:	dropped
Dump:	RoamingCredentialSettings.xml.tmp.0.dr
ID:	dr_231
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.699773295929258
Encrypted:	false
Size:	72944
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.exe.tmp
Category:	dropped
Dump:	ThemeSettings2013.xml.exe.tmp.0.dr
ID:	dr_542
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.665564171086618
Encrypted:	false
Size:	137432
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml.tmp
Category:	dropped
Dump:	ThemeSettings2013.xml.tmp.0.dr
ID:	dr_232
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.674148489669112
Encrypted:	false
Size:	71322
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml.exe.tmp
Category:	dropped
Dump:	VdiState.xml.exe.tmp.0.dr
ID:	dr_233
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656596688743437
Encrypted:	false
Size:	134004
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1.exe.tmp
Category:	dropped
Dump:	RegisterInboxTemplates.ps1.exe.tmp.0.dr
ID:	dr_234
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.654664285348726
Encrypted:	false
Size:	133442
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd.tmp
Category:	dropped
Dump:	SettingsLocationTemplate.xsd.tmp.0.dr
ID:	dr_235
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.664976115717109
Encrypted:	false
Size:	75818
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd.tmp
Category:	dropped
Dump:	SettingsLocationTemplate2013.xsd.tmp.0.dr
ID:	dr_236
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.646584463193798
Encrypted:	false
Size:	77406
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd.tmp
Category:	dropped
Dump:	SettingsLocationTemplate2013A.xsd.tmp.0.dr
ID:	dr_237
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.599061925918189
Encrypted:	false
Size:	80226
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\guest.png.tmp
Category:	dropped
Dump:	guest.png.tmp.0.dr
ID:	dr_167
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.835146302782345
Encrypted:	false
Size:	72163
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\hardz.dat.tmp
Category:	dropped
Dump:	hardz.dat.tmp.0.dr
ID:	dr_168
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648513697489902
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\jones.dat.tmp
Category:	dropped
Dump:	jones.dat.tmp.0.dr
ID:	dr_181
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648516020297181
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user.dat.tmp
Category:	dropped
Dump:	user.dat.tmp.0.dr
ID:	dr_182
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648584834314165
Encrypted:	false
Size:	66110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe.tmp
Category:	dropped
Dump:	user-192.png.exe.tmp.0.dr
ID:	dr_238
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.722615693555927
Encrypted:	false
Size:	137004
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-192.png.tmp
Category:	dropped
Dump:	user-192.png.tmp.0.dr
ID:	dr_183
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.786935753349241
Encrypted:	false
Size:	70894
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe.tmp
Category:	dropped
Dump:	user-32.png.exe.tmp.0.dr
ID:	dr_239
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.663023679863541
Encrypted:	false
Size:	133102
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-32.png.tmp
Category:	dropped
Dump:	user-32.png.tmp.0.dr
ID:	dr_184
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.676587625140383
Encrypted:	false
Size:	66992
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-40.png.exe.tmp
Category:	dropped
Dump:	user-40.png.exe.tmp.0.dr
ID:	dr_240
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.666823924974279
Encrypted:	false
Size:	133270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-40.png.tmp
Category:	dropped
Dump:	user-40.png.tmp.0.dr
ID:	dr_185
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.684108498572948
Encrypted:	false
Size:	67160
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-48.png.exe.tmp
Category:	dropped
Dump:	user-48.png.exe.tmp.0.dr
ID:	dr_241
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6719306002209935
Encrypted:	false
Size:	133454
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user-48.png.tmp
Category:	dropped
Dump:	user-48.png.tmp.0.dr
ID:	dr_186
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.693814164096196
Encrypted:	false
Size:	67344
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user.bmp.tmp
Category:	dropped
Dump:	user.bmp.tmp.0.dr
ID:	dr_187
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	1.448240078109603
Encrypted:	false
Size:	668278
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\User Account Pictures\user.png.tmp
Category:	dropped
Dump:	user.png.tmp.0.dr
ID:	dr_188
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.8276059187095575
Encrypted:	false
Size:	72163
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp
Category:	dropped
Dump:	154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.tmp.0.dr
ID:	dr_1021
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.658373176549877
Encrypted:	false
Size:	66426
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp
Category:	dropped
Dump:	2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.tmp.0.dr
ID:	dr_1012
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650291329581102
Encrypted:	false
Size:	66330
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.tmp
Category:	dropped
Dump:	3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.tmp.0.dr
ID:	dr_1020
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.634299368560623
Encrypted:	false
Size:	66634
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.exe.tmp
Category:	dropped
Dump:	Policy.vpol.exe.tmp.0.dr
ID:	dr_545
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6644871442915745
Encrypted:	false
Size:	133108
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.tmp
Category:	dropped
Dump:	Policy.vpol.tmp0.0.dr
ID:	dr_499
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6641122695490544
Encrypted:	false
Size:	66998
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol_.exe.tmp
Category:	dropped
Dump:	Policy.vpol_.exe.tmp.0.dr
ID:	dr_1019
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.657137262140411
Encrypted:	false
Size:	133108
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.tmp
Category:	dropped
Dump:	mpasdlta.lkg.tmp.0.dr
ID:	dr_75
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.999007945134599
Encrypted:	true
Size:	6738574
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.tmp
Category:	dropped
Dump:	mpasdlta.vdm.tmp.0.dr
ID:	dr_77
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.987119802993933
Encrypted:	false
Size:	1164342
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.tmp
Category:	dropped
Dump:	mpavdlta.lkg.tmp.0.dr
ID:	dr_79
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.992905804625384
Encrypted:	true
Size:	2476710
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.tmp
Category:	dropped
Dump:	mpavdlta.vdm.tmp.0.dr
ID:	dr_81
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.634347542748617
Encrypted:	false
Size:	162966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll.tmp
Category:	dropped
Dump:	mpengine.dll.tmp.0.dr
ID:	dr_83
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.409226470313571
Encrypted:	false
Size:	18756526
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg.tmp
Category:	dropped
Dump:	mpengine.lkg.tmp.0.dr
ID:	dr_85
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4053366134762735
Encrypted:	false
Size:	18273070
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.tmp
Category:	dropped
Dump:	IGD.CAT.tmp.0.dr
ID:	dr_568
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.116553607065666
Encrypted:	false
Size:	109188
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe.tmp
Category:	dropped
Dump:	ConfigSecurityPolicy.exe.tmp.0.dr
ID:	dr_571
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.524306139931649
Encrypted:	false
Size:	526294
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.tmp
Category:	dropped
Dump:	DefenderCSP.dll.tmp.0.dr
ID:	dr_280
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.426483994033657
Encrypted:	false
Size:	522190
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdBoot.sys.tmp
Category:	dropped
Dump:	WdBoot.sys.tmp.0.dr
ID:	dr_281
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.794179276339577
Encrypted:	false
Size:	121982
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdDevFlt.sys.tmp
Category:	dropped
Dump:	WdDevFlt.sys.tmp.0.dr
ID:	dr_282
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.580437070627544
Encrypted:	false
Size:	310214
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdFilter.sys.tmp
Category:	dropped
Dump:	WdFilter.sys.tmp.0.dr
ID:	dr_283
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.529734189700152
Encrypted:	false
Size:	640982
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\WdNisDrv.sys.tmp
Category:	dropped
Dump:	WdNisDrv.sys.tmp.0.dr
ID:	dr_284
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.670624883365562
Encrypted:	false
Size:	171974
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.tmp
Category:	dropped
Dump:	Microsoft-Antimalware-NIS.man.tmp.0.dr
ID:	dr_437
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6798492354431795
Encrypted:	false
Size:	72283
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.tmp
Category:	dropped
Dump:	Microsoft-Antimalware-RTP.man.tmp.0.dr
ID:	dr_440
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6689109250921925
Encrypted:	false
Size:	83012
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.tmp
Category:	dropped
Dump:	MpAsDesc.dll.tmp.0.dr
ID:	dr_88
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.849359520691098
Encrypted:	false
Size:	276414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.tmp
Category:	dropped
Dump:	MpAzSubmit.dll.tmp.0.dr
ID:	dr_449
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4300484144828
Encrypted:	false
Size:	1451966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.tmp
Category:	dropped
Dump:	MpClient.dll.tmp.0.dr
ID:	dr_90
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.323057582628545
Encrypted:	false
Size:	1300430
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.tmp
Category:	dropped
Dump:	MpCmdRun.exe.tmp.0.dr
ID:	dr_92
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.388810139210445
Encrypted:	false
Size:	1662414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.tmp
Category:	dropped
Dump:	MpCommu.dll.tmp.0.dr
ID:	dr_94
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.413378288622113
Encrypted:	false
Size:	427974
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.tmp
Category:	dropped
Dump:	MpCopyAccelerator.exe.tmp.0.dr
ID:	dr_453
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.041389861336331
Encrypted:	false
Size:	249270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.tmp
Category:	dropped
Dump:	MpDetours.dll.tmp.0.dr
ID:	dr_455
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.336269380534702
Encrypted:	false
Size:	251846
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.tmp
Category:	dropped
Dump:	MpDetoursCopyAccelerator.dll.tmp.0.dr
ID:	dr_458
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.196166343124554
Encrypted:	false
Size:	178126
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.tmp
Category:	dropped
Dump:	MpDlpCmd.exe.tmp.0.dr
ID:	dr_96
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.118340433126161
Encrypted:	false
Size:	455974
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.tmp
Category:	dropped
Dump:	MpEvMsg.dll.tmp.0.dr
ID:	dr_98
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.148847467736253
Encrypted:	false
Size:	214974
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpOAV.dll.tmp
Category:	dropped
Dump:	MpOAV.dll.tmp.0.dr
ID:	dr_103
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.204745299091404
Encrypted:	false
Size:	575430
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.tmp
Category:	dropped
Dump:	MpRtp.dll.tmp.0.dr
ID:	dr_105
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.440446291680776
Encrypted:	false
Size:	2602966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.tmp
Category:	dropped
Dump:	MpSenseComm.dll.tmp.0.dr
ID:	dr_461
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.427351061515928
Encrypted:	false
Size:	976830
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.tmp
Category:	dropped
Dump:	MpSvc.dll.tmp.0.dr
ID:	dr_107
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.378442465034986
Encrypted:	false
Size:	4102078
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.tmp
Category:	dropped
Dump:	MpUpdate.dll.tmp.0.dr
ID:	dr_109
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.349717516364171
Encrypted:	false
Size:	223182
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.tmp
Category:	dropped
Dump:	MpUxAgent.dll.tmp.0.dr
ID:	dr_464
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.263772685370237
Encrypted:	false
Size:	640966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.tmp
Category:	dropped
Dump:	MsMpEng.exe.tmp.0.dr
ID:	dr_111
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.432969836981704
Encrypted:	false
Size:	199798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.tmp
Category:	dropped
Dump:	MsMpLics.dll.tmp.0.dr
ID:	dr_113
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.5629766076085225
Encrypted:	false
Size:	88022
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe.tmp
Category:	dropped
Dump:	NisSrv.exe.tmp.0.dr
ID:	dr_115
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.510498917185886
Encrypted:	false
Size:	3187118
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.tmp
Category:	dropped
Dump:	Defender.psd1.tmp.0.dr
ID:	dr_272
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.744796205621513
Encrypted:	false
Size:	81439
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.tmp
Category:	modified
Dump:	MSFT_MpScan.cdxml.tmp.0.dr
ID:	dr_273
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.754031135271634
Encrypted:	false
Size:	83220
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.tmp
Category:	dropped
Dump:	ThirdPartyNotices.txt.tmp0.0.dr
ID:	dr_865
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.670427972742508
Encrypted:	false
Size:	72827
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.tmp
Category:	dropped
Dump:	MpAsDesc.dll.tmp2.0.dr
ID:	dr_893
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.071627892084015
Encrypted:	false
Size:	268230
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpClient.dll.tmp
Category:	dropped
Dump:	MpClient.dll.tmp2.0.dr
ID:	dr_895
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.778997278142437
Encrypted:	false
Size:	1033150
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.tmp
Category:	dropped
Dump:	MpCmdRun.exe.tmp2.0.dr
ID:	dr_897
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.5817222252540395
Encrypted:	false
Size:	1334046
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.tmp
Category:	dropped
Dump:	MpDetours.dll.tmp2.0.dr
ID:	dr_899
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.899097643131913
Encrypted:	false
Size:	189910
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOAV.dll.tmp
Category:	dropped
Dump:	MpOAV.dll.tmp3.0.dr
ID:	dr_901
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.494176017543751
Encrypted:	false
Size:	503238
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.tmp
Category:	dropped
Dump:	MsMpLics.dll.tmp2.0.dr
ID:	dr_903
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.852756442137011
Encrypted:	false
Size:	79806
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.tmp
Category:	dropped
Dump:	mpasdesc.dll.mui.tmp0.0.dr
ID:	dr_887
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.846746388404556
Encrypted:	false
Size:	116798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp67.0.dr
ID:	dr_889
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.848514044278622
Encrypted:	false
Size:	127446
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.tmp
Category:	dropped
Dump:	endpointdlp.dll.tmp1.0.dr
ID:	dr_890
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.662871565390852
Encrypted:	false
Size:	948566
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp48.0.dr
ID:	dr_531
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.484979793056712
Encrypted:	false
Size:	100814
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp49.0.dr
ID:	dr_534
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.840978197024816
Encrypted:	false
Size:	92094
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp22.0.dr
ID:	dr_537
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.206933159292816
Encrypted:	false
Size:	126910
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp50.0.dr
ID:	dr_540
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.723006170510016
Encrypted:	false
Size:	95686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp51.0.dr
ID:	dr_543
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.677716290294985
Encrypted:	false
Size:	100310
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp52.0.dr
ID:	dr_546
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.582073341308134
Encrypted:	false
Size:	100310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp23.0.dr
ID:	dr_549
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.088854639770423
Encrypted:	false
Size:	133566
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp53.0.dr
ID:	dr_552
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.593790920657078
Encrypted:	false
Size:	100286
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp54.0.dr
ID:	dr_556
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.665885779316324
Encrypted:	false
Size:	101318
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp55.0.dr
ID:	dr_558
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.467989780050192
Encrypted:	false
Size:	99286
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp24.0.dr
ID:	dr_561
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.927777841593016
Encrypted:	false
Size:	136662
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp56.0.dr
ID:	dr_564
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.289816056250878
Encrypted:	false
Size:	100798
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp25.0.dr
ID:	dr_574
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.024148402026343
Encrypted:	false
Size:	131526
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp13.0.dr
ID:	dr_577
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.241145767271238
Encrypted:	false
Size:	121278
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp57.0.dr
ID:	dr_580
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.373404613956921
Encrypted:	false
Size:	98758
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp58.0.dr
ID:	dr_583
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4124182930043165
Encrypted:	false
Size:	101334
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp.0.dr
ID:	dr_274
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.918776979578669
Encrypted:	false
Size:	132030
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp.0.dr
ID:	dr_275
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.098499502062314
Encrypted:	false
Size:	122326
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp0.0.dr
ID:	dr_276
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.322471084818254
Encrypted:	false
Size:	99782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp0.0.dr
ID:	dr_277
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.702555656537076
Encrypted:	false
Size:	138702
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp0.0.dr
ID:	dr_278
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.163621058972885
Encrypted:	false
Size:	122326
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp1.0.dr
ID:	dr_279
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.390224337178444
Encrypted:	false
Size:	102862
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp1.0.dr
ID:	dr_285
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.2460687765901115
Encrypted:	false
Size:	143806
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp1.0.dr
ID:	dr_286
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.507891127415963
Encrypted:	false
Size:	127934
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp2.0.dr
ID:	dr_287
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.676143951330241
Encrypted:	false
Size:	102358
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp2.0.dr
ID:	dr_288
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.048980632729877
Encrypted:	false
Size:	127422
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp3.0.dr
ID:	dr_289
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.471026071484804
Encrypted:	false
Size:	98246
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp3.0.dr
ID:	dr_290
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.991873246381624
Encrypted:	false
Size:	127438
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp2.0.dr
ID:	dr_291
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.135816930831767
Encrypted:	false
Size:	119766
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp4.0.dr
ID:	dr_292
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.338454867769535
Encrypted:	false
Size:	98238
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.tmp
Category:	dropped
Dump:	endpointdlp.dll.tmp.0.dr
ID:	dr_293
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.420404096979776
Encrypted:	false
Size:	1197926
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp4.0.dr
ID:	dr_295
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.7128776007135125
Encrypted:	false
Size:	136134
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp3.0.dr
ID:	dr_297
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.094575931182842
Encrypted:	false
Size:	126398
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp5.0.dr
ID:	dr_299
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.407889036868511
Encrypted:	false
Size:	101310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp5.0.dr
ID:	dr_301
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.9213262513038885
Encrypted:	false
Size:	135622
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp6.0.dr
ID:	dr_303
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.403649414172657
Encrypted:	false
Size:	101310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp6.0.dr
ID:	dr_305
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.836650164216457
Encrypted:	false
Size:	128470
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp7.0.dr
ID:	dr_307
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.486426863869068
Encrypted:	false
Size:	99782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp8.0.dr
ID:	dr_309
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4803285507660435
Encrypted:	false
Size:	100310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp9.0.dr
ID:	dr_311
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.692553011470813
Encrypted:	false
Size:	98246
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp7.0.dr
ID:	dr_313
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.983868716804283
Encrypted:	false
Size:	131526
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp4.0.dr
ID:	dr_315
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.11758867807701
Encrypted:	false
Size:	121278
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp10.0.dr
ID:	dr_317
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.493267955790318
Encrypted:	false
Size:	100294
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp11.0.dr
ID:	dr_319
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.43424949976993
Encrypted:	false
Size:	103366
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp8.0.dr
ID:	dr_321
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.881130600654487
Encrypted:	false
Size:	139710
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp12.0.dr
ID:	dr_323
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.395590636910636
Encrypted:	false
Size:	102862
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp9.0.dr
ID:	dr_325
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.687577643386509
Encrypted:	false
Size:	139726
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp5.0.dr
ID:	dr_327
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.072991697617353
Encrypted:	false
Size:	128974
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp13.0.dr
ID:	dr_329
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.446938646628163
Encrypted:	false
Size:	102334
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp14.0.dr
ID:	dr_331
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.433622439055225
Encrypted:	false
Size:	101318
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp15.0.dr
ID:	dr_333
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.423175486677328
Encrypted:	false
Size:	103878
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp16.0.dr
ID:	dr_335
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.429582549973927
Encrypted:	false
Size:	100302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp17.0.dr
ID:	dr_338
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.773286343691505
Encrypted:	false
Size:	101318
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp10.0.dr
ID:	dr_341
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.500374576586982
Encrypted:	false
Size:	120774
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp18.0.dr
ID:	dr_344
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6880974520879946
Encrypted:	false
Size:	94166
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp19.0.dr
ID:	dr_347
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.540176820861393
Encrypted:	false
Size:	101326
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp11.0.dr
ID:	dr_350
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.933711359204446
Encrypted:	false
Size:	133582
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp20.0.dr
ID:	dr_353
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.316142352963594
Encrypted:	false
Size:	99798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp12.0.dr
ID:	dr_356
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.952818241761575
Encrypted:	false
Size:	135622
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp6.0.dr
ID:	dr_359
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.187578967500752
Encrypted:	false
Size:	123342
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp21.0.dr
ID:	dr_363
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.515854946360293
Encrypted:	false
Size:	100822
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp13.0.dr
ID:	dr_365
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.979528763401442
Encrypted:	false
Size:	131518
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp22.0.dr
ID:	dr_368
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4865717656818696
Encrypted:	false
Size:	100302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp23.0.dr
ID:	dr_371
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.5639413896923875
Encrypted:	false
Size:	98262
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp14.0.dr
ID:	dr_374
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.867401987732656
Encrypted:	false
Size:	136126
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp7.0.dr
ID:	dr_377
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.052178019545194
Encrypted:	false
Size:	124870
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp24.0.dr
ID:	dr_380
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.426314882113429
Encrypted:	false
Size:	100822
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp15.0.dr
ID:	dr_383
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.754428856116623
Encrypted:	false
Size:	108502
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp8.0.dr
ID:	dr_386
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.676121582046186
Encrypted:	false
Size:	107462
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp25.0.dr
ID:	dr_389
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.8717589293157975
Encrypted:	false
Size:	90062
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp26.0.dr
ID:	dr_393
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.712799060654495
Encrypted:	false
Size:	100294
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp27.0.dr
ID:	dr_395
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.678028256755141
Encrypted:	false
Size:	100302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp28.0.dr
ID:	dr_398
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.765987057342419
Encrypted:	false
Size:	99782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp29.0.dr
ID:	dr_401
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.7387356374282446
Encrypted:	false
Size:	100814
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp16.0.dr
ID:	dr_404
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.941876263639812
Encrypted:	false
Size:	107966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp9.0.dr
ID:	dr_407
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.749998522252327
Encrypted:	false
Size:	104894
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp30.0.dr
ID:	dr_410
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.948612285446599
Encrypted:	false
Size:	89542
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp31.0.dr
ID:	dr_413
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.641912514979694
Encrypted:	false
Size:	99774
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp32.0.dr
ID:	dr_416
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.2858072209971905
Encrypted:	false
Size:	101822
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp33.0.dr
ID:	dr_419
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.810350802523187
Encrypted:	false
Size:	97222
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp17.0.dr
ID:	dr_423
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.9969787237808525
Encrypted:	false
Size:	133566
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp34.0.dr
ID:	dr_425
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.545782249303814
Encrypted:	false
Size:	99262
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp18.0.dr
ID:	dr_428
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.986218337912525
Encrypted:	false
Size:	133054
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp35.0.dr
ID:	dr_431
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.506979801814467
Encrypted:	false
Size:	99270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp36.0.dr
ID:	dr_434
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.3205605073719076
Encrypted:	false
Size:	99774
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp37.0.dr
ID:	dr_443
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.62538435165368
Encrypted:	false
Size:	101334
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp38.0.dr
ID:	dr_446
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.5881691025334455
Encrypted:	false
Size:	103358
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe.tmp
Category:	dropped
Dump:	mpextms.exe.tmp.0.dr
ID:	dr_101
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.585284910319022
Encrypted:	false
Size:	947582
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp39.0.dr
ID:	dr_467
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.542354029383341
Encrypted:	false
Size:	101310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp40.0.dr
ID:	dr_470
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.278048590583375
Encrypted:	false
Size:	100814
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp41.0.dr
ID:	dr_473
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.513977131404075
Encrypted:	false
Size:	101326
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp19.0.dr
ID:	dr_476
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.79046671986246
Encrypted:	false
Size:	131006
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp10.0.dr
ID:	dr_479
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.1046902987986655
Encrypted:	false
Size:	121302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp42.0.dr
ID:	dr_485
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.520710393383886
Encrypted:	false
Size:	99270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp43.0.dr
ID:	dr_487
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.626111553123687
Encrypted:	false
Size:	101310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp20.0.dr
ID:	dr_490
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.703019886487348
Encrypted:	false
Size:	136638
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp11.0.dr
ID:	dr_494
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.085807083397322
Encrypted:	false
Size:	122302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp44.0.dr
ID:	dr_498
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.454106763949347
Encrypted:	false
Size:	101318
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp45.0.dr
ID:	dr_503
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.467346466168185
Encrypted:	false
Size:	98774
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp46.0.dr
ID:	dr_507
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650980330254342
Encrypted:	false
Size:	101822
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp47.0.dr
ID:	dr_511
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.61757041152435
Encrypted:	false
Size:	102350
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp21.0.dr
ID:	dr_515
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.9215596039745755
Encrypted:	false
Size:	138174
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp12.0.dr
ID:	dr_519
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.07840805804283
Encrypted:	false
Size:	126414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp.0.dr
ID:	dr_271
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.311785351719883
Encrypted:	false
Size:	100806
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp126.0.dr
ID:	dr_830
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.617383502371615
Encrypted:	false
Size:	100310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp59.0.dr
ID:	dr_833
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.988423368131841
Encrypted:	false
Size:	133078
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp127.0.dr
ID:	dr_835
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.542797493952168
Encrypted:	false
Size:	99262
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp60.0.dr
ID:	dr_837
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.970371814835701
Encrypted:	false
Size:	134078
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp128.0.dr
ID:	dr_839
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4648190950850575
Encrypted:	false
Size:	99798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp129.0.dr
ID:	dr_841
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.51042418258425
Encrypted:	false
Size:	99798
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp130.0.dr
ID:	dr_843
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.528268308777268
Encrypted:	false
Size:	99774
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp131.0.dr
ID:	dr_845
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.608205191365078
Encrypted:	false
Size:	100286
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp61.0.dr
ID:	dr_847
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.995225964197444
Encrypted:	false
Size:	133078
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp132.0.dr
ID:	dr_849
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.445732982903098
Encrypted:	false
Size:	100294
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp62.0.dr
ID:	dr_850
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.950623685623776
Encrypted:	false
Size:	130494
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp31.0.dr
ID:	dr_853
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.131960608081244
Encrypted:	false
Size:	120254
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp133.0.dr
ID:	dr_855
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.473718125261689
Encrypted:	false
Size:	98774
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp134.0.dr
ID:	dr_857
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.722372097870646
Encrypted:	false
Size:	102350
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp135.0.dr
ID:	dr_859
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659138146525359
Encrypted:	false
Size:	100310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp63.0.dr
ID:	dr_861
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.248528001311845
Encrypted:	false
Size:	126918
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp136.0.dr
ID:	dr_863
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.7145161237398
Encrypted:	false
Size:	96726
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp64.0.dr
ID:	dr_867
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.040920922248217
Encrypted:	false
Size:	131518
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp32.0.dr
ID:	dr_869
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.184515654886449
Encrypted:	false
Size:	121278
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp137.0.dr
ID:	dr_870
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.372736257502513
Encrypted:	false
Size:	98238
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp138.0.dr
ID:	dr_873
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649521771073277
Encrypted:	false
Size:	99262
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp139.0.dr
ID:	dr_875
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.662879774335573
Encrypted:	false
Size:	99262
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp65.0.dr
ID:	dr_877
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.240474581873871
Encrypted:	false
Size:	134486
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp140.0.dr
ID:	dr_879
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.622441319471405
Encrypted:	false
Size:	98750
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp141.0.dr
ID:	dr_881
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.670148374509392
Encrypted:	false
Size:	99798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp66.0.dr
ID:	dr_883
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.214347045764095
Encrypted:	false
Size:	132030
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp142.0.dr
ID:	dr_885
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.633913963061445
Encrypted:	false
Size:	98774
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp68.0.dr
ID:	dr_905
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.827915080085972
Encrypted:	false
Size:	98262
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp33.0.dr
ID:	dr_907
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.779735443736705
Encrypted:	false
Size:	99774
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp143.0.dr
ID:	dr_909
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.918515276562733
Encrypted:	false
Size:	85950
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp69.0.dr
ID:	dr_910
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.934983996817161
Encrypted:	false
Size:	98758
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp34.0.dr
ID:	dr_911
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.743377113748005
Encrypted:	false
Size:	100822
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp144.0.dr
ID:	dr_912
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.92808981672197
Encrypted:	false
Size:	86462
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.tmp
Category:	dropped
Dump:	IGD.CAT.tmp0.0.dr
ID:	dr_925
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.114575689171129
Encrypted:	false
Size:	113305
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe.tmp
Category:	dropped
Dump:	ConfigSecurityPolicy.exe.tmp0.0.dr
ID:	dr_926
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.523840596289949
Encrypted:	false
Size:	526182
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\DefenderCSP.dll.tmp
Category:	dropped
Dump:	DefenderCSP.dll.tmp0.0.dr
ID:	dr_937
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.473972168275484
Encrypted:	false
Size:	522070
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdBoot.sys.tmp
Category:	dropped
Dump:	WdBoot.sys.tmp0.0.dr
ID:	dr_938
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.710240610616513
Encrypted:	false
Size:	121966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdDevFlt.sys.tmp
Category:	dropped
Dump:	WdDevFlt.sys.tmp0.0.dr
ID:	dr_939
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.572267021823067
Encrypted:	false
Size:	312150
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdFilter.sys.tmp
Category:	dropped
Dump:	WdFilter.sys.tmp0.0.dr
ID:	dr_940
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.571810650895329
Encrypted:	false
Size:	638822
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\WdNisDrv.sys.tmp
Category:	dropped
Dump:	WdNisDrv.sys.tmp0.0.dr
ID:	dr_941
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.699655146029303
Encrypted:	false
Size:	171982
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.tmp
Category:	dropped
Dump:	Microsoft-Antimalware-NIS.man.tmp0.0.dr
ID:	dr_723
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6798642547389155
Encrypted:	false
Size:	72283
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.tmp
Category:	dropped
Dump:	Microsoft-Antimalware-RTP.man.tmp0.0.dr
ID:	dr_724
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.67314293827574
Encrypted:	false
Size:	83012
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAsDesc.dll.tmp
Category:	dropped
Dump:	MpAsDesc.dll.tmp0.0.dr
ID:	dr_117
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.8621331757166875
Encrypted:	false
Size:	276310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpAzSubmit.dll.tmp
Category:	dropped
Dump:	MpAzSubmit.dll.tmp0.0.dr
ID:	dr_727
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.430249707858385
Encrypted:	false
Size:	1451878
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpClient.dll.tmp
Category:	dropped
Dump:	MpClient.dll.tmp0.0.dr
ID:	dr_119
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.324273835390668
Encrypted:	false
Size:	1316710
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe.tmp
Category:	dropped
Dump:	MpCmdRun.exe.tmp0.0.dr
ID:	dr_121
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.388944470821957
Encrypted:	false
Size:	1662414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCommu.dll.tmp
Category:	dropped
Dump:	MpCommu.dll.tmp0.0.dr
ID:	dr_123
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.389927536302255
Encrypted:	false
Size:	427862
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe.tmp
Category:	dropped
Dump:	MpCopyAccelerator.exe.tmp0.0.dr
ID:	dr_728
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.041034638433639
Encrypted:	false
Size:	249270
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe.tmp
Category:	dropped
Dump:	MpDefenderCoreService.exe.tmp.0.dr
ID:	dr_729
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.606609646122599
Encrypted:	false
Size:	1947526
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetours.dll.tmp
Category:	dropped
Dump:	MpDetours.dll.tmp0.0.dr
ID:	dr_730
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.243283371619055
Encrypted:	false
Size:	251750
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDetoursCopyAccelerator.dll.tmp
Category:	dropped
Dump:	MpDetoursCopyAccelerator.dll.tmp0.0.dr
ID:	dr_731
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.213054801190096
Encrypted:	false
Size:	178134
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlp.dll.tmp
Category:	dropped
Dump:	MpDlp.dll.tmp.0.dr
ID:	dr_125
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.445372190564435
Encrypted:	false
Size:	1259350
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe.tmp
Category:	dropped
Dump:	MpDlpCmd.exe.tmp0.0.dr
ID:	dr_127
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.118099541039572
Encrypted:	false
Size:	455894
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpEvMsg.dll.tmp
Category:	dropped
Dump:	MpEvMsg.dll.tmp0.0.dr
ID:	dr_129
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.199816128130788
Encrypted:	false
Size:	214990
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpOAV.dll.tmp
Category:	dropped
Dump:	MpOAV.dll.tmp1.0.dr
ID:	dr_769
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.248107377302907
Encrypted:	false
Size:	575334
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpRtp.dll.tmp
Category:	dropped
Dump:	MpRtp.dll.tmp0.0.dr
ID:	dr_135
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.418452894940531
Encrypted:	false
Size:	2037590
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSenseComm.dll.tmp
Category:	dropped
Dump:	MpSenseComm.dll.tmp0.0.dr
ID:	dr_732
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.441531818255584
Encrypted:	false
Size:	976726
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpSvc.dll.tmp
Category:	dropped
Dump:	MpSvc.dll.tmp0.0.dr
ID:	dr_137
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.373610471666719
Encrypted:	false
Size:	4007782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUpdate.dll.tmp
Category:	dropped
Dump:	MpUpdate.dll.tmp0.0.dr
ID:	dr_139
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.375928515316627
Encrypted:	false
Size:	223062
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpUxAgent.dll.tmp
Category:	dropped
Dump:	MpUxAgent.dll.tmp0.0.dr
ID:	dr_733
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.224097976353671
Encrypted:	false
Size:	640854
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe.tmp
Category:	dropped
Dump:	MsMpEng.exe.tmp0.0.dr
ID:	dr_141
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.436461667078004
Encrypted:	false
Size:	199694
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpLics.dll.tmp
Category:	dropped
Dump:	MsMpLics.dll.tmp0.0.dr
ID:	dr_143
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.555075070373959
Encrypted:	false
Size:	87910
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe.tmp
Category:	dropped
Dump:	NisSrv.exe.tmp0.0.dr
ID:	dr_145
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.506062017641542
Encrypted:	false
Size:	3183014
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.tmp
Category:	dropped
Dump:	Defender.psd1.tmp0.0.dr
ID:	dr_750
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.761509771091592
Encrypted:	false
Size:	81291
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.tmp
Category:	dropped
Dump:	MSFT_MpScan.cdxml.tmp0.0.dr
ID:	dr_751
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.751776505428994
Encrypted:	false
Size:	83054
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.dll.tmp
Category:	dropped
Dump:	ProtectionManagement.dll.tmp.0.dr
ID:	dr_752
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.253494520921569
Encrypted:	false
Size:	841558
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.tmp
Category:	dropped
Dump:	ProtectionManagement.mof.tmp.0.dr
ID:	dr_753
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.356593700000625
Encrypted:	false
Size:	174060
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ThirdPartyNotices.txt.tmp
Category:	dropped
Dump:	ThirdPartyNotices.txt.tmp.0.dr
ID:	dr_783
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.668938168171382
Encrypted:	false
Size:	72827
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpAsDesc.dll.tmp
Category:	dropped
Dump:	MpAsDesc.dll.tmp1.0.dr
ID:	dr_797
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.073709319866121
Encrypted:	false
Size:	268134
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpClient.dll.tmp
Category:	dropped
Dump:	MpClient.dll.tmp1.0.dr
ID:	dr_798
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.792393975074369
Encrypted:	false
Size:	1043302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe.tmp
Category:	dropped
Dump:	MpCmdRun.exe.tmp1.0.dr
ID:	dr_799
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.580840218643422
Encrypted:	false
Size:	1334174
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpDetours.dll.tmp
Category:	dropped
Dump:	MpDetours.dll.tmp1.0.dr
ID:	dr_800
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.970758348981109
Encrypted:	false
Size:	189782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpOAV.dll.tmp
Category:	dropped
Dump:	MpOAV.dll.tmp2.0.dr
ID:	dr_801
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.484641254933045
Encrypted:	false
Size:	503230
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MsMpLics.dll.tmp
Category:	dropped
Dump:	MsMpLics.dll.tmp1.0.dr
ID:	dr_802
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.742801876127667
Encrypted:	false
Size:	79718
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.tmp
Category:	dropped
Dump:	mpasdesc.dll.mui.tmp.0.dr
ID:	dr_794
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.77108724097913
Encrypted:	false
Size:	116798
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp56.0.dr
ID:	dr_795
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.0433836195810136
Encrypted:	false
Size:	127422
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\endpointdlp.dll.tmp
Category:	dropped
Dump:	endpointdlp.dll.tmp0.0.dr
ID:	dr_796
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648680724119856
Encrypted:	false
Size:	961998
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp145.0.dr
ID:	dr_913
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.2870968169623245
Encrypted:	false
Size:	100694
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp146.0.dr
ID:	dr_914
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.853931886440092
Encrypted:	false
Size:	92110
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp70.0.dr
ID:	dr_915
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.327177380376042
Encrypted:	false
Size:	127438
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp147.0.dr
ID:	dr_916
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.719643986995094
Encrypted:	false
Size:	95574
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp148.0.dr
ID:	dr_917
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.784869458521217
Encrypted:	false
Size:	100182
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp149.0.dr
ID:	dr_918
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.510634041089261
Encrypted:	false
Size:	100182
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp71.0.dr
ID:	dr_919
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.159909256658614
Encrypted:	false
Size:	133990
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp150.0.dr
ID:	dr_920
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.591676985408267
Encrypted:	false
Size:	100198
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp151.0.dr
ID:	dr_921
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.74462794464992
Encrypted:	false
Size:	101206
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp152.0.dr
ID:	dr_922
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.332459955948972
Encrypted:	false
Size:	99158
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp72.0.dr
ID:	dr_923
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.715619107865871
Encrypted:	false
Size:	136550
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp153.0.dr
ID:	dr_924
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.477887402259665
Encrypted:	false
Size:	100694
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp73.0.dr
ID:	dr_927
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.076066091947766
Encrypted:	false
Size:	131414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp35.0.dr
ID:	dr_928
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.167654594133094
Encrypted:	false
Size:	121174
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp154.0.dr
ID:	dr_929
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.554612024363827
Encrypted:	false
Size:	98646
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp155.0.dr
ID:	dr_930
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4693320688518865
Encrypted:	false
Size:	101222
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp74.0.dr
ID:	dr_931
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.969775750830475
Encrypted:	false
Size:	132438
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp36.0.dr
ID:	dr_932
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.944214117137443
Encrypted:	false
Size:	122198
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp156.0.dr
ID:	dr_933
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.447950502327684
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp75.0.dr
ID:	dr_934
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.889690338567671
Encrypted:	false
Size:	139094
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp37.0.dr
ID:	dr_935
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.161985800737935
Encrypted:	false
Size:	122198
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp157.0.dr
ID:	dr_936
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.444460602489131
Encrypted:	false
Size:	102742
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp76.0.dr
ID:	dr_942
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.26427869123585
Encrypted:	false
Size:	144214
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp38.0.dr
ID:	dr_943
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.488720359095983
Encrypted:	false
Size:	127830
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp158.0.dr
ID:	dr_944
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.673070214429221
Encrypted:	false
Size:	102246
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp77.0.dr
ID:	dr_945
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.838914447522423
Encrypted:	false
Size:	127318
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp159.0.dr
ID:	dr_946
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.527050017436911
Encrypted:	false
Size:	98150
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp78.0.dr
ID:	dr_947
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.0347162694544805
Encrypted:	false
Size:	127438
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp39.0.dr
ID:	dr_948
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.127624603705985
Encrypted:	false
Size:	119638
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp160.0.dr
ID:	dr_949
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.333300873937804
Encrypted:	false
Size:	98134
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\endpointdlp.dll.tmp
Category:	dropped
Dump:	endpointdlp.dll.tmp2.0.dr
ID:	dr_950
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4290289885298275
Encrypted:	false
Size:	1214310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp26.0.dr
ID:	dr_657
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.710061281923728
Encrypted:	false
Size:	136534
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp14.0.dr
ID:	dr_658
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.084772715841595
Encrypted:	false
Size:	126310
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp59.0.dr
ID:	dr_659
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.408571685483763
Encrypted:	false
Size:	101206
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp27.0.dr
ID:	dr_660
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.925958992437294
Encrypted:	false
Size:	136022
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp60.0.dr
ID:	dr_661
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.400778720519781
Encrypted:	false
Size:	101206
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp28.0.dr
ID:	dr_662
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.042517274780751
Encrypted:	false
Size:	128974
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp61.0.dr
ID:	dr_663
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.485112124952301
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp62.0.dr
ID:	dr_664
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.418960836068421
Encrypted:	false
Size:	100198
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp63.0.dr
ID:	dr_665
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.596704392480048
Encrypted:	false
Size:	98134
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp29.0.dr
ID:	dr_666
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.994444773282061
Encrypted:	false
Size:	131942
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp15.0.dr
ID:	dr_668
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.186828747177598
Encrypted:	false
Size:	121190
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp64.0.dr
ID:	dr_669
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.428045394805991
Encrypted:	false
Size:	100182
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp65.0.dr
ID:	dr_670
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.368290970135324
Encrypted:	false
Size:	103254
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp30.0.dr
ID:	dr_671
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.822079986417589
Encrypted:	false
Size:	140118
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp66.0.dr
ID:	dr_672
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.45211900330052
Encrypted:	false
Size:	102862
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp31.0.dr
ID:	dr_673
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.8256964950291925
Encrypted:	false
Size:	140134
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp16.0.dr
ID:	dr_674
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.069372414308778
Encrypted:	false
Size:	128854
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp67.0.dr
ID:	dr_675
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.39016183195539
Encrypted:	false
Size:	102350
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp68.0.dr
ID:	dr_676
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.301571131454399
Encrypted:	false
Size:	101206
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp69.0.dr
ID:	dr_677
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.41716125903887
Encrypted:	false
Size:	103766
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp70.0.dr
ID:	dr_686
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.29885091722489
Encrypted:	false
Size:	100182
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp71.0.dr
ID:	dr_688
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.754206018200408
Encrypted:	false
Size:	101222
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp32.0.dr
ID:	dr_690
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4393885994980105
Encrypted:	false
Size:	121190
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp72.0.dr
ID:	dr_691
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.808403719217269
Encrypted:	false
Size:	94038
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp73.0.dr
ID:	dr_692
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.608947047023599
Encrypted:	false
Size:	101206
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp33.0.dr
ID:	dr_693
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.931836846483851
Encrypted:	false
Size:	133462
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp74.0.dr
ID:	dr_694
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.451336511387178
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp34.0.dr
ID:	dr_695
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.790422151510321
Encrypted:	false
Size:	135526
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp17.0.dr
ID:	dr_696
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.188582493491921
Encrypted:	false
Size:	123238
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp75.0.dr
ID:	dr_697
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.514488605499128
Encrypted:	false
Size:	100814
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp35.0.dr
ID:	dr_699
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.965024251002354
Encrypted:	false
Size:	131926
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp76.0.dr
ID:	dr_700
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4875898857410625
Encrypted:	false
Size:	100182
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp77.0.dr
ID:	dr_701
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.56128967071288
Encrypted:	false
Size:	98150
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp36.0.dr
ID:	dr_702
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.9094406793205305
Encrypted:	false
Size:	136142
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp18.0.dr
ID:	dr_703
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.8967415510898356
Encrypted:	false
Size:	124758
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp78.0.dr
ID:	dr_704
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.286690951639162
Encrypted:	false
Size:	100710
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp37.0.dr
ID:	dr_705
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.773934216820574
Encrypted:	false
Size:	108374
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp19.0.dr
ID:	dr_706
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659438461514987
Encrypted:	false
Size:	107366
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp79.0.dr
ID:	dr_707
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.829551258432081
Encrypted:	false
Size:	89942
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp80.0.dr
ID:	dr_708
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.739719095676204
Encrypted:	false
Size:	100182
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp81.0.dr
ID:	dr_709
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.628969162913554
Encrypted:	false
Size:	100310
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp82.0.dr
ID:	dr_710
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.688253745322532
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp83.0.dr
ID:	dr_711
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.723245863646197
Encrypted:	false
Size:	100710
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp38.0.dr
ID:	dr_712
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.943379758808785
Encrypted:	false
Size:	107966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp20.0.dr
ID:	dr_713
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.8181951592498224
Encrypted:	false
Size:	104790
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp84.0.dr
ID:	dr_714
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.942968899649388
Encrypted:	false
Size:	89430
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp85.0.dr
ID:	dr_715
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.677622576814006
Encrypted:	false
Size:	99670
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp86.0.dr
ID:	dr_716
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.417106100358475
Encrypted:	false
Size:	101734
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp87.0.dr
ID:	dr_717
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.792788537540323
Encrypted:	false
Size:	97230
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp39.0.dr
ID:	dr_718
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.007439835604956
Encrypted:	false
Size:	133478
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp88.0.dr
ID:	dr_719
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4801467569615365
Encrypted:	false
Size:	99158
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp40.0.dr
ID:	dr_720
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.039356239803507
Encrypted:	false
Size:	132966
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp89.0.dr
ID:	dr_721
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.511465570111076
Encrypted:	false
Size:	99278
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp90.0.dr
ID:	dr_722
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.502533340807793
Encrypted:	false
Size:	99686
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp91.0.dr
ID:	dr_725
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.573001432631926
Encrypted:	false
Size:	101222
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp92.0.dr
ID:	dr_726
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.621462437036925
Encrypted:	false
Size:	103270
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe.tmp
Category:	dropped
Dump:	mpextms.exe.tmp0.0.dr
ID:	dr_131
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.5853696969697815
Encrypted:	false
Size:	947598
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp93.0.dr
ID:	dr_734
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.641947883751726
Encrypted:	false
Size:	101222
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp94.0.dr
ID:	dr_735
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.2726076203744014
Encrypted:	false
Size:	100694
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp95.0.dr
ID:	dr_736
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.3060657639549325
Encrypted:	false
Size:	101222
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp41.0.dr
ID:	dr_737
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.978866644625075
Encrypted:	false
Size:	130918
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp21.0.dr
ID:	dr_738
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.105402322638724
Encrypted:	false
Size:	121302
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp96.0.dr
ID:	dr_739
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.454647815756304
Encrypted:	false
Size:	99158
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp97.0.dr
ID:	dr_740
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649713551465514
Encrypted:	false
Size:	101206
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp42.0.dr
ID:	dr_741
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.847697807429532
Encrypted:	false
Size:	137166
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp22.0.dr
ID:	dr_742
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.0815028355335095
Encrypted:	false
Size:	122198
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp98.0.dr
ID:	dr_743
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.451765608440328
Encrypted:	false
Size:	101206
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp99.0.dr
ID:	dr_744
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.465526072304354
Encrypted:	false
Size:	98646
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp100.0.dr
ID:	dr_745
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64744799710417
Encrypted:	false
Size:	101718
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp101.0.dr
ID:	dr_746
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6219255569243565
Encrypted:	false
Size:	102230
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp43.0.dr
ID:	dr_747
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.97760433976811
Encrypted:	false
Size:	138070
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp23.0.dr
ID:	dr_748
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.078077870735559
Encrypted:	false
Size:	126414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp102.0.dr
ID:	dr_749
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.452715207530003
Encrypted:	false
Size:	100694
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp44.0.dr
ID:	dr_754
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.77400619035031
Encrypted:	false
Size:	133070
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp24.0.dr
ID:	dr_755
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.142784984709765
Encrypted:	false
Size:	123750
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp103.0.dr
ID:	dr_756
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.421418443912459
Encrypted:	false
Size:	101206
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp45.0.dr
ID:	dr_757
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.95104282858444
Encrypted:	false
Size:	134998
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp25.0.dr
ID:	dr_758
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.072824682373645
Encrypted:	false
Size:	124246
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp104.0.dr
ID:	dr_759
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.436597600748837
Encrypted:	false
Size:	100294
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp105.0.dr
ID:	dr_760
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.424358733701811
Encrypted:	false
Size:	100182
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp46.0.dr
ID:	dr_761
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.979410412091375
Encrypted:	false
Size:	134502
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp106.0.dr
ID:	dr_762
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.3119940797124015
Encrypted:	false
Size:	100694
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp47.0.dr
ID:	dr_763
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.1768444570242
Encrypted:	false
Size:	135526
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp26.0.dr
ID:	dr_764
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.323239588756081
Encrypted:	false
Size:	125270
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp107.0.dr
ID:	dr_765
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.662413226307332
Encrypted:	false
Size:	100198
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp48.0.dr
ID:	dr_766
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.02816264573656
Encrypted:	false
Size:	133590
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp108.0.dr
ID:	dr_767
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.5359664744283315
Encrypted:	false
Size:	99174
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp49.0.dr
ID:	dr_768
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.95940465632103
Encrypted:	false
Size:	134502
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp109.0.dr
ID:	dr_770
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.511144296384783
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp110.0.dr
ID:	dr_771
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.431648922311277
Encrypted:	false
Size:	99686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp111.0.dr
ID:	dr_772
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.609968706098412
Encrypted:	false
Size:	99790
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp112.0.dr
ID:	dr_773
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656778416056747
Encrypted:	false
Size:	100198
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp50.0.dr
ID:	dr_774
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.993739450306351
Encrypted:	false
Size:	132966
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp113.0.dr
ID:	dr_775
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.452064075981591
Encrypted:	false
Size:	100286
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp51.0.dr
ID:	dr_776
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.005277793396506
Encrypted:	false
Size:	130918
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp27.0.dr
ID:	dr_777
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.139693369305928
Encrypted:	false
Size:	120150
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp114.0.dr
ID:	dr_778
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.468275809685917
Encrypted:	false
Size:	98646
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp115.0.dr
ID:	dr_779
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.72032688101957
Encrypted:	false
Size:	102230
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp116.0.dr
ID:	dr_780
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6473686518471995
Encrypted:	false
Size:	100198
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp52.0.dr
ID:	dr_781
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.3588813983661945
Encrypted:	false
Size:	127438
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp117.0.dr
ID:	dr_782
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.709607691751111
Encrypted:	false
Size:	96598
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp53.0.dr
ID:	dr_784
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.001637506163757
Encrypted:	false
Size:	131942
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp28.0.dr
ID:	dr_785
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.035987160006054
Encrypted:	false
Size:	121302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp118.0.dr
ID:	dr_786
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.559862458246679
Encrypted:	false
Size:	98134
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp119.0.dr
ID:	dr_787
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.68290364062511
Encrypted:	false
Size:	99158
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp120.0.dr
ID:	dr_788
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.704008457166348
Encrypted:	false
Size:	99158
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp54.0.dr
ID:	dr_789
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.181901521627907
Encrypted:	false
Size:	135110
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp121.0.dr
ID:	dr_790
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.677955490780057
Encrypted:	false
Size:	98766
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp122.0.dr
ID:	dr_791
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.555254381680593
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp55.0.dr
ID:	dr_792
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.157173538679138
Encrypted:	false
Size:	131926
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp123.0.dr
ID:	dr_793
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.465731507252057
Encrypted:	false
Size:	98646
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp57.0.dr
ID:	dr_803
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.91353072212671
Encrypted:	false
Size:	98134
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp29.0.dr
ID:	dr_804
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.7748109465017485
Encrypted:	false
Size:	99670
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp124.0.dr
ID:	dr_805
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.91742959820168
Encrypted:	false
Size:	85846
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpAsDesc.dll.mui.tmp
Category:	dropped
Dump:	MpAsDesc.dll.mui.tmp58.0.dr
ID:	dr_806
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.933895850669071
Encrypted:	false
Size:	98646
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpEvMsg.dll.mui.tmp
Category:	dropped
Dump:	MpEvMsg.dll.mui.tmp30.0.dr
ID:	dr_807
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.801106748718169
Encrypted:	false
Size:	100694
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.tmp
Category:	dropped
Dump:	mpuxagent.dll.mui.tmp125.0.dr
ID:	dr_808
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.924454925578769
Encrypted:	false
Size:	86358
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\01\2.tmp
Category:	dropped
Dump:	2.tmp.0.dr
ID:	dr_809
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.664674709053584
Encrypted:	false
Size:	66862
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.tmp
Category:	dropped
Dump:	0.tmp.0.dr
ID:	dr_810
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.666098184630877
Encrypted:	false
Size:	66862
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.tmp
Category:	dropped
Dump:	1.tmp.0.dr
ID:	dr_811
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.626120984962757
Encrypted:	false
Size:	66862
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.exe.tmp
Category:	dropped
Dump:	Detections.log.exe.tmp.0.dr
ID:	dr_812
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649531410129708
Encrypted:	false
Size:	132224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.tmp
Category:	dropped
Dump:	Detections.log.tmp.0.dr
ID:	dr_147
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649397051080004
Encrypted:	false
Size:	66114
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.exe.tmp
Category:	dropped
Dump:	History.Log.exe.tmp.0.dr
ID:	dr_813
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.663859724781649
Encrypted:	false
Size:	133744
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.tmp
Category:	dropped
Dump:	History.Log.tmp.0.dr
ID:	dr_149
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.669360674614843
Encrypted:	false
Size:	67634
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.exe.tmp
Category:	dropped
Dump:	Unknown.Log.exe.tmp.0.dr
ID:	dr_814
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650134484600532
Encrypted:	false
Size:	132828
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.tmp
Category:	dropped
Dump:	Unknown.Log.tmp.0.dr
ID:	dr_151
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650051315592307
Encrypted:	false
Size:	66718
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3846C1B485BFA46E3AB54DFBE9D1DE49.tmp
Category:	dropped
Dump:	3846C1B485BFA46E3AB54DFBE9D1DE49.tmp.0.dr
ID:	dr_815
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.738696080122609
Encrypted:	false
Size:	68540
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.tmp
Category:	dropped
Dump:	56598B41F139620898884E49C611C148.tmp.0.dr
ID:	dr_816
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.735590555229904
Encrypted:	false
Size:	68500
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.tmp
Category:	dropped
Dump:	81FE2459AB45799D6C1FB53DEEE30AF6.tmp.0.dr
ID:	dr_817
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.734868244077538
Encrypted:	false
Size:	68496
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.tmp
Category:	dropped
Dump:	93BCA88018E5993458BC6BBE55D33E61.tmp.0.dr
ID:	dr_818
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.739243423586347
Encrypted:	false
Size:	68536
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9BBF8E3725F51A366740AC59C8CBB345.tmp
Category:	dropped
Dump:	9BBF8E3725F51A366740AC59C8CBB345.tmp.0.dr
ID:	dr_819
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.739560887989342
Encrypted:	false
Size:	68656
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A0137882FC829131E8629036339BD1FB.tmp
Category:	dropped
Dump:	A0137882FC829131E8629036339BD1FB.tmp.0.dr
ID:	dr_820
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.736446702251174
Encrypted:	false
Size:	68508
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.tmp
Category:	dropped
Dump:	C73297F3A28B41D0B045DECE1D0D81EF.tmp.0.dr
ID:	dr_821
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.740581973808595
Encrypted:	false
Size:	68632
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.exe.tmp
Category:	dropped
Dump:	MpDiag.bin.exe.tmp.0.dr
ID:	dr_153
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6492351567498105
Encrypted:	false
Size:	132460
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin.tmp
Category:	dropped
Dump:	MpDiag.bin.tmp.0.dr
ID:	dr_210
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648647339262511
Encrypted:	false
Size:	66350
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.tmp
Category:	dropped
Dump:	mpenginedb.db.tmp.0.dr
ID:	dr_221
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.95618893375268
Encrypted:	false
Size:	598590
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.exe.tmp
Category:	dropped
Dump:	MPDetection-20231003-085557.log.exe.tmp.0.dr
ID:	dr_822
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660456338217152
Encrypted:	false
Size:	139400
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.tmp
Category:	dropped
Dump:	MPDetection-20231003-085557.log.tmp.0.dr
ID:	dr_155
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.626613020663768
Encrypted:	false
Size:	73290
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20231003-122002.log.tmp
Category:	dropped
Dump:	MPDeviceControl-20231003-122002.log.tmp.0.dr
ID:	dr_823
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.476772332521907
Encrypted:	false
Size:	73918
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-20231003-085557.log.tmp
Category:	dropped
Dump:	MPLog-20231003-085557.log.tmp.0.dr
ID:	dr_157
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	3.9727241512896168
Encrypted:	false
Size:	1749964
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\confident.cov.tmp
Category:	dropped
Dump:	confident.cov.tmp.0.dr
ID:	dr_159
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.614839550422131
Encrypted:	false
Size:	76520
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\fyi.cov.tmp
Category:	dropped
Dump:	fyi.cov.tmp.0.dr
ID:	dr_161
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.511693020810968
Encrypted:	false
Size:	76871
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\generic.cov.tmp
Category:	dropped
Dump:	generic.cov.tmp.0.dr
ID:	dr_163
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.357930792334556
Encrypted:	false
Size:	81118
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\urgent.cov.tmp
Category:	dropped
Dump:	urgent.cov.tmp.0.dr
ID:	dr_165
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.537100937316146
Encrypted:	false
Size:	76484
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\WelcomeFax.tif.tmp
Category:	dropped
Dump:	WelcomeFax.tif.tmp.0.dr
ID:	dr_169
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.593175749522262
Encrypted:	false
Size:	155644
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.tmp
Category:	dropped
Dump:	WelcomeScan.jpg.tmp.0.dr
ID:	dr_222
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.850372946646927
Encrypted:	false
Size:	582534
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml.tmp
Category:	dropped
Dump:	AppxProvisioning.xml.tmp.0.dr
ID:	dr_189
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.665634162496147
Encrypted:	false
Size:	86393
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.tmp
Category:	dropped
Dump:	cversions.2.db.tmp0.0.dr
ID:	dr_655
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.06771237888259
Encrypted:	false
Size:	82494
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.exe.tmp
Category:	dropped
Dump:	02305155-8ac1-1189-ff55-b7119a53887c.xml.exe.tmp.0.dr
ID:	dr_1018
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.688061632541782
Encrypted:	false
Size:	138596
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.tmp
Category:	dropped
Dump:	02305155-8ac1-1189-ff55-b7119a53887c.xml.tmp.0.dr
ID:	dr_548
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.716423617724613
Encrypted:	false
Size:	72486
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe.tmp
Category:	dropped
Dump:	03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.exe.tmp.0.dr
ID:	dr_1017
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.674745087038491
Encrypted:	false
Size:	138666
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.tmp
Category:	dropped
Dump:	03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.tmp.0.dr
ID:	dr_551
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.692732216412912
Encrypted:	false
Size:	72556
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe.tmp
Category:	dropped
Dump:	0890ad2f-b74f-c384-f684-9c33f8f67924.xml.exe.tmp.0.dr
ID:	dr_1016
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.678377677430877
Encrypted:	false
Size:	138624
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.tmp
Category:	dropped
Dump:	0890ad2f-b74f-c384-f684-9c33f8f67924.xml.tmp.0.dr
ID:	dr_554
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.69920710114116
Encrypted:	false
Size:	72514
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe.tmp
Category:	dropped
Dump:	0a8c1492-65ca-6a01-de25-0e183559d10d.xml.exe.tmp.0.dr
ID:	dr_1015
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.675440329830277
Encrypted:	false
Size:	137750
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.tmp
Category:	dropped
Dump:	0a8c1492-65ca-6a01-de25-0e183559d10d.xml.tmp.0.dr
ID:	dr_557
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.694948521161803
Encrypted:	false
Size:	71640
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe.tmp
Category:	dropped
Dump:	0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.exe.tmp.0.dr
ID:	dr_1014
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.670943495919868
Encrypted:	false
Size:	137752
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp
Category:	dropped
Dump:	0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.tmp.0.dr
ID:	dr_560
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6867039915778905
Encrypted:	false
Size:	71642
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe.tmp
Category:	dropped
Dump:	13edb933-4688-0f79-3d0a-499edf952ba0.xml.exe.tmp.0.dr
ID:	dr_1013
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.689693484742679
Encrypted:	false
Size:	139330
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp
Category:	dropped
Dump:	13edb933-4688-0f79-3d0a-499edf952ba0.xml.tmp.0.dr
ID:	dr_563
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.718476481342467
Encrypted:	false
Size:	73220
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.tmp
Category:	dropped
Dump:	1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.tmp.0.dr
ID:	dr_567
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.722893329991741
Encrypted:	false
Size:	73194
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe.tmp
Category:	dropped
Dump:	18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.exe.tmp.0.dr
ID:	dr_1024
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.675128901843818
Encrypted:	false
Size:	137774
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.tmp
Category:	dropped
Dump:	18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.tmp.0.dr
ID:	dr_570
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.69444829459084
Encrypted:	false
Size:	71664
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe.tmp
Category:	dropped
Dump:	1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.exe.tmp.0.dr
ID:	dr_1023
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.675070312776358
Encrypted:	false
Size:	137762
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.tmp
Category:	dropped
Dump:	1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.tmp.0.dr
ID:	dr_573
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.694003330855354
Encrypted:	false
Size:	71652
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.tmp
Category:	dropped
Dump:	1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.tmp.0.dr
ID:	dr_576
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.698564534719356
Encrypted:	false
Size:	73218
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp
Category:	dropped
Dump:	1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.tmp.0.dr
ID:	dr_579
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.69536844768286
Encrypted:	false
Size:	72554
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp
Category:	dropped
Dump:	1faf63f7-f387-4522-1175-68c9652d968a.xml.tmp.0.dr
ID:	dr_582
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.695888643440922
Encrypted:	false
Size:	71710
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp
Category:	dropped
Dump:	215f9712-9fca-a3f8-5b11-660eefc73b96.xml.tmp.0.dr
ID:	dr_585
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.700477408281484
Encrypted:	false
Size:	71676
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.tmp
Category:	dropped
Dump:	26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.tmp.0.dr
ID:	dr_587
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.704639110824018
Encrypted:	false
Size:	72492
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.tmp
Category:	dropped
Dump:	280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.tmp.0.dr
ID:	dr_589
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.7003194274136435
Encrypted:	false
Size:	73208
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.tmp
Category:	dropped
Dump:	28502d06-9d29-8514-1e5d-64447116d798.xml.tmp.0.dr
ID:	dr_591
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.705582738138859
Encrypted:	false
Size:	71688
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.tmp
Category:	dropped
Dump:	28748306-9f02-a5d7-6ded-4459fddadc31.xml.tmp.0.dr
ID:	dr_593
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.692463830889109
Encrypted:	false
Size:	71348
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.tmp
Category:	dropped
Dump:	292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.tmp.0.dr
ID:	dr_595
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.696022851137473
Encrypted:	false
Size:	72558
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp
Category:	dropped
Dump:	2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.tmp.0.dr
ID:	dr_597
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.68765960525503
Encrypted:	false
Size:	71708
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp
Category:	dropped
Dump:	2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.tmp.0.dr
ID:	dr_599
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.709950029104983
Encrypted:	false
Size:	72468
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.tmp
Category:	dropped
Dump:	306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.tmp.0.dr
ID:	dr_601
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.697666030906812
Encrypted:	false
Size:	72810
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.tmp
Category:	dropped
Dump:	38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.tmp.0.dr
ID:	dr_603
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.698085049753818
Encrypted:	false
Size:	73130
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.tmp
Category:	dropped
Dump:	3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.tmp.0.dr
ID:	dr_605
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.705483142401496
Encrypted:	false
Size:	72532
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.tmp
Category:	dropped
Dump:	3f446420-d8ef-3b9c-d5b4-ba09c43121b4.xml.tmp.0.dr
ID:	dr_608
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.692493288585108
Encrypted:	false
Size:	71309
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.tmp
Category:	dropped
Dump:	42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.tmp.0.dr
ID:	dr_610
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.698503207366235
Encrypted:	false
Size:	73132
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.tmp
Category:	dropped
Dump:	436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.tmp.0.dr
ID:	dr_612
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.699268608945937
Encrypted:	false
Size:	73218
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.tmp
Category:	dropped
Dump:	4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.tmp.0.dr
ID:	dr_614
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.717008069377897
Encrypted:	false
Size:	72512
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml.tmp
Category:	dropped
Dump:	517cfcaf-138b-1796-2cea-62892204250a.xml.tmp.0.dr
ID:	dr_616
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.688588789545765
Encrypted:	false
Size:	71708
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp
Category:	dropped
Dump:	52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.tmp.0.dr
ID:	dr_618
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.71085435647021
Encrypted:	false
Size:	73208
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml.tmp
Category:	dropped
Dump:	5c834b0b-64f8-6383-854a-915ac7ddab77.xml.tmp.0.dr
ID:	dr_620
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.695138823253583
Encrypted:	false
Size:	71708
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp
Category:	dropped
Dump:	61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.tmp.0.dr
ID:	dr_622
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.7172658539339185
Encrypted:	false
Size:	72514
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.tmp
Category:	dropped
Dump:	630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.tmp.0.dr
ID:	dr_624
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.703252561887712
Encrypted:	false
Size:	72556
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.tmp
Category:	dropped
Dump:	67447b0c-05cf-6740-5f7b-391ab440c42d.xml.tmp.0.dr
ID:	dr_626
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.686105048107589
Encrypted:	false
Size:	71392
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp
Category:	dropped
Dump:	6ab96728-2783-240f-370f-afa9d4e52fdd.xml.tmp.0.dr
ID:	dr_294
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.717697872985385
Encrypted:	false
Size:	72656
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp
Category:	dropped
Dump:	6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.tmp.0.dr
ID:	dr_296
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.707819274600286
Encrypted:	false
Size:	72776
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.tmp
Category:	dropped
Dump:	6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.tmp.0.dr
ID:	dr_298
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.685854094689055
Encrypted:	false
Size:	71432
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.tmp
Category:	dropped
Dump:	71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.tmp.0.dr
ID:	dr_300
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.685551625864974
Encrypted:	false
Size:	71480
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.tmp
Category:	dropped
Dump:	71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.tmp.0.dr
ID:	dr_302
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.712791684957852
Encrypted:	false
Size:	72568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp
Category:	dropped
Dump:	7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.tmp.0.dr
ID:	dr_304
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.698458778930198
Encrypted:	false
Size:	71372
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp
Category:	dropped
Dump:	7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.tmp.0.dr
ID:	dr_306
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.703822993681491
Encrypted:	false
Size:	72500
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp
Category:	dropped
Dump:	8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.tmp.0.dr
ID:	dr_308
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.687441470762006
Encrypted:	false
Size:	71436
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.tmp
Category:	dropped
Dump:	832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.tmp.0.dr
ID:	dr_310
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.699920008915917
Encrypted:	false
Size:	73176
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp
Category:	dropped
Dump:	865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.tmp.0.dr
ID:	dr_312
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.695016866732041
Encrypted:	false
Size:	71742
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.tmp
Category:	dropped
Dump:	8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.tmp.0.dr
ID:	dr_314
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.691725601956509
Encrypted:	false
Size:	71676
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.tmp
Category:	dropped
Dump:	8cfc804a-d777-2361-1670-4569e516397e.xml.tmp.0.dr
ID:	dr_316
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.706065026790857
Encrypted:	false
Size:	71642
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp
Category:	dropped
Dump:	8d56e57b-8663-136d-ff69-a004e217825a.xml.tmp.0.dr
ID:	dr_318
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.690282586881943
Encrypted:	false
Size:	71448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp
Category:	dropped
Dump:	8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.tmp.0.dr
ID:	dr_320
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.705664798234981
Encrypted:	false
Size:	71434
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.tmp
Category:	dropped
Dump:	91a5b4c7-29a8-ec80-4321-fbecea906705.xml.tmp.0.dr
ID:	dr_322
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.692089694673711
Encrypted:	false
Size:	71696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.tmp
Category:	dropped
Dump:	9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.tmp.0.dr
ID:	dr_324
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.705113024279327
Encrypted:	false
Size:	73218
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp
Category:	dropped
Dump:	9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.tmp.0.dr
ID:	dr_326
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.688157929696272
Encrypted:	false
Size:	71774
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp
Category:	dropped
Dump:	a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.tmp.0.dr
ID:	dr_328
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6916145777403475
Encrypted:	false
Size:	71622
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp
Category:	dropped
Dump:	a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.tmp.0.dr
ID:	dr_330
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.693936087884725
Encrypted:	false
Size:	72600
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp
Category:	dropped
Dump:	a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.tmp.0.dr
ID:	dr_332
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.716418993796434
Encrypted:	false
Size:	72502
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp
Category:	dropped
Dump:	abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.tmp.0.dr
ID:	dr_334
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.711062064621109
Encrypted:	false
Size:	72490
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp
Category:	dropped
Dump:	ac116a72-b6b1-d558-23f6-10796e634d41.xml.tmp.0.dr
ID:	dr_337
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.685989516377203
Encrypted:	false
Size:	71448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp
Category:	dropped
Dump:	b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.tmp.0.dr
ID:	dr_340
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.705703517455542
Encrypted:	false
Size:	71620
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp
Category:	dropped
Dump:	b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.tmp.0.dr
ID:	dr_343
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.707188520784005
Encrypted:	false
Size:	72858
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp
Category:	dropped
Dump:	b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.tmp.0.dr
ID:	dr_346
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.706124414432169
Encrypted:	false
Size:	71622
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp
Category:	dropped
Dump:	b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.tmp.0.dr
ID:	dr_349
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.690346096684091
Encrypted:	false
Size:	71344
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp
Category:	dropped
Dump:	bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.tmp.0.dr
ID:	dr_352
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.687311112465055
Encrypted:	false
Size:	71706
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp
Category:	dropped
Dump:	bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.tmp.0.dr
ID:	dr_355
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6926109059052425
Encrypted:	false
Size:	71360
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp
Category:	dropped
Dump:	bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.tmp.0.dr
ID:	dr_358
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6987327574208955
Encrypted:	false
Size:	71424
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp
Category:	dropped
Dump:	c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.tmp.0.dr
ID:	dr_361
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.684880275165241
Encrypted:	false
Size:	71448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp
Category:	dropped
Dump:	c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.tmp.0.dr
ID:	dr_364
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.710367010080693
Encrypted:	false
Size:	72546
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp
Category:	dropped
Dump:	ca947da2-7e9a-7249-8095-bceb379c6f74.xml.tmp.0.dr
ID:	dr_367
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.704500370472624
Encrypted:	false
Size:	72568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp
Category:	dropped
Dump:	cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.tmp.0.dr
ID:	dr_370
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.716557117530832
Encrypted:	false
Size:	72568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp
Category:	dropped
Dump:	d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.tmp.0.dr
ID:	dr_373
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.694505097364861
Encrypted:	false
Size:	72468
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp
Category:	dropped
Dump:	d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.tmp.0.dr
ID:	dr_376
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.717844074204059
Encrypted:	false
Size:	73150
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp
Category:	dropped
Dump:	e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.tmp.0.dr
ID:	dr_379
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.7039556371449525
Encrypted:	false
Size:	71394
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp
Category:	dropped
Dump:	e64ffef1-e246-b632-595b-56076a3fa776.xml.tmp.0.dr
ID:	dr_382
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.694743020369654
Encrypted:	false
Size:	71392
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp
Category:	dropped
Dump:	e78cdb72-8076-1aa5-5df6-048300a0f594.xml.tmp.0.dr
ID:	dr_385
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.705015108000216
Encrypted:	false
Size:	72957
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp
Category:	dropped
Dump:	e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.tmp.0.dr
ID:	dr_388
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.700472295198761
Encrypted:	false
Size:	71698
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp
Category:	dropped
Dump:	e8fff2df-6041-8f21-3df7-db31661aa09b.xml.tmp.0.dr
ID:	dr_391
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6934748338082475
Encrypted:	false
Size:	71414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp
Category:	dropped
Dump:	e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.tmp.0.dr
ID:	dr_394
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.712378448896486
Encrypted:	false
Size:	72524
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp
Category:	dropped
Dump:	ea39969e-9808-10a2-23ff-be783a132fea.xml.tmp.0.dr
ID:	dr_397
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.703642320717631
Encrypted:	false
Size:	72590
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp
Category:	dropped
Dump:	ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.tmp.0.dr
ID:	dr_400
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.694995982312779
Encrypted:	false
Size:	72478
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp
Category:	dropped
Dump:	eee47229-947d-2ac7-e8a3-49bafee251d1.xml.tmp.0.dr
ID:	dr_403
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.685741012679012
Encrypted:	false
Size:	71366
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp
Category:	dropped
Dump:	f1d940d0-b5b2-0083-8403-807a8db430d5.xml.tmp.0.dr
ID:	dr_406
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.687156977723751
Encrypted:	false
Size:	71390
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp
Category:	dropped
Dump:	f5fc8c03-78f6-342c-372b-15d02609bd3c.xml.tmp.0.dr
ID:	dr_409
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.694635595523852
Encrypted:	false
Size:	72490
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp
Category:	dropped
Dump:	fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.tmp.0.dr
ID:	dr_412
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.693168482407588
Encrypted:	false
Size:	71382
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat.tmp
Category:	dropped
Dump:	tokens.dat.tmp0.0.dr
ID:	dr_656
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.550900498064033
Encrypted:	false
Size:	775228
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx.tmp
Category:	dropped
Dump:	dmrc.idx.tmp.0.dr
ID:	dr_202
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	4.32047089084218
Encrypted:	false
Size:	781686
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.exe.tmp
Category:	dropped
Dump:	GeofenceApplicationID.dat.exe.tmp.0.dr
ID:	dr_415
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.629275590486375
Encrypted:	false
Size:	134844
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.tmp
Category:	dropped
Dump:	GeofenceApplicationID.dat.tmp.0.dr
ID:	dr_243
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.602287550222121
Encrypted:	false
Size:	68734
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.exe.tmp
Category:	dropped
Dump:	ASAP_CloudPolicy.json.exe.tmp.0.dr
ID:	dr_418
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6765994675813065
Encrypted:	false
Size:	136536
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json.tmp
Category:	dropped
Dump:	ASAP_CloudPolicy.json.tmp.0.dr
ID:	dr_244
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.697936721035049
Encrypted:	false
Size:	70426
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\CTAC.json.tmp
Category:	dropped
Dump:	CTAC.json.tmp.0.dr
ID:	dr_205
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.181525395898819
Encrypted:	false
Size:	155474
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.exe.tmp
Category:	dropped
Dump:	CortanaUWP.json.exe.tmp.0.dr
ID:	dr_245
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65295500063691
Encrypted:	false
Size:	132738
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\CortanaUWP.json.tmp
Category:	dropped
Dump:	CortanaUWP.json.tmp.0.dr
ID:	dr_204
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656457864488021
Encrypted:	false
Size:	66628
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.exe.tmp
Category:	dropped
Dump:	DirectXDbVersion.json.exe.tmp.0.dr
ID:	dr_421
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649741608682402
Encrypted:	false
Size:	132322
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\DirectXDbVersion.json.tmp
Category:	dropped
Dump:	DirectXDbVersion.json.tmp.0.dr
ID:	dr_246
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649977018754896
Encrypted:	false
Size:	66212
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\FeatureConfig.json.tmp
Category:	dropped
Dump:	FeatureConfig.json.tmp.0.dr
ID:	dr_206
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.622803698714065
Encrypted:	false
Size:	86835
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.exe.tmp
Category:	dropped
Dump:	SCCInstallService.json.exe.tmp.0.dr
ID:	dr_424
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.657214316855796
Encrypted:	false
Size:	133186
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json.tmp
Category:	dropped
Dump:	SCCInstallService.json.tmp.0.dr
ID:	dr_247
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.664144724802333
Encrypted:	false
Size:	67076
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.exe.tmp
Category:	dropped
Dump:	StorageGroveler.json.exe.tmp.0.dr
ID:	dr_427
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.653375542972033
Encrypted:	false
Size:	133046
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\StorageGroveler.json.tmp
Category:	dropped
Dump:	StorageGroveler.json.tmp.0.dr
ID:	dr_248
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656988285336854
Encrypted:	false
Size:	66936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.exe.tmp
Category:	dropped
Dump:	TroubleshootingSvc.json.exe.tmp.0.dr
ID:	dr_430
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649966164150617
Encrypted:	false
Size:	132326
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\TroubleshootingSvc.json.tmp
Category:	dropped
Dump:	TroubleshootingSvc.json.tmp.0.dr
ID:	dr_249
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650462081679188
Encrypted:	false
Size:	66216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.exe.tmp
Category:	dropped
Dump:	UsoSettings.json.exe.tmp.0.dr
ID:	dr_250
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.666345880031477
Encrypted:	false
Size:	142372
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\UsoSettings.json.tmp
Category:	dropped
Dump:	UsoSettings.json.tmp.0.dr
ID:	dr_207
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660482470492207
Encrypted:	false
Size:	76262
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\OneSettings\config.json.tmp
Category:	dropped
Dump:	config.json.tmp.0.dr
ID:	dr_203
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.677321780190129
Encrypted:	false
Size:	71800
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.exe.tmp
Category:	dropped
Dump:	7-Zip File Manager.lnk.exe.tmp.0.dr
ID:	dr_173
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.653655679574391
Encrypted:	false
Size:	133772
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.tmp
Category:	dropped
Dump:	7-Zip File Manager.lnk.tmp.0.dr
ID:	dr_224
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6559771832890355
Encrypted:	false
Size:	67662
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.exe.tmp
Category:	dropped
Dump:	7-Zip Help.lnk.exe.tmp.0.dr
ID:	dr_251
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6536716400159035
Encrypted:	false
Size:	133782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk.tmp
Category:	dropped
Dump:	7-Zip Help.lnk.tmp.0.dr
ID:	dr_225
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.655910362053656
Encrypted:	false
Size:	67672
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.exe.tmp
Category:	dropped
Dump:	Access.lnk.exe.tmp.0.dr
ID:	dr_226
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6620901239278965
Encrypted:	false
Size:	137132
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk.tmp
Category:	dropped
Dump:	Access.lnk.tmp.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649670502970407
Encrypted:	false
Size:	71022
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk.exe.tmp
Category:	dropped
Dump:	Speech Recognition.lnk.exe.tmp.0.dr
ID:	dr_433
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.632399140688933
Encrypted:	false
Size:	134708
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp12.0.dr
ID:	dr_227
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6473648032893635
Encrypted:	false
Size:	66850
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk.exe.tmp
Category:	dropped
Dump:	Math Input Panel.lnk.exe.tmp.0.dr
ID:	dr_436
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660770651072683
Encrypted:	false
Size:	134618
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe.tmp
Category:	dropped
Dump:	Notepad.lnk.exe.tmp.0.dr
ID:	dr_255
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.627030095709256
Encrypted:	false
Size:	134570
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.tmp
Category:	dropped
Dump:	Notepad.lnk.tmp.0.dr
ID:	dr_229
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.599384014286101
Encrypted:	false
Size:	68460
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.exe.tmp
Category:	dropped
Dump:	Paint.lnk.exe.tmp.0.dr
ID:	dr_257
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.627035194923451
Encrypted:	false
Size:	134482
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk.tmp
Category:	dropped
Dump:	Paint.lnk.tmp.0.dr
ID:	dr_230
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.599549173771221
Encrypted:	false
Size:	68372
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk.tmp
Category:	dropped
Dump:	Quick Assist.lnk.tmp.0.dr
ID:	dr_252
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64866321657211
Encrypted:	false
Size:	68472
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.exe.tmp
Category:	dropped
Dump:	Remote Desktop Connection.lnk.exe.tmp.0.dr
ID:	dr_439
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650903744273885
Encrypted:	false
Size:	134650
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk.tmp
Category:	dropped
Dump:	Snipping Tool.lnk.tmp.0.dr
ID:	dr_254
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.600497375593108
Encrypted:	false
Size:	68378
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk.exe.tmp
Category:	dropped
Dump:	Steps Recorder.lnk.exe.tmp.0.dr
ID:	dr_442
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.627259693834987
Encrypted:	false
Size:	134446
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.exe.tmp
Category:	dropped
Dump:	Character Map.lnk.exe.tmp.0.dr
ID:	dr_828
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.633277343861955
Encrypted:	false
Size:	134448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp9.0.dr
ID:	dr_445
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65017102812658
Encrypted:	false
Size:	132390
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.exe.tmp
Category:	dropped
Dump:	Windows Fax and Scan.lnk.exe.tmp.0.dr
ID:	dr_448
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.638018328436803
Encrypted:	false
Size:	134446
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk.exe.tmp
Category:	dropped
Dump:	Windows Media Player.lnk.exe.tmp.0.dr
ID:	dr_451
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660025152796439
Encrypted:	false
Size:	134948
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.exe.tmp
Category:	dropped
Dump:	Wordpad.lnk.exe.tmp.0.dr
ID:	dr_259
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.661310453502495
Encrypted:	false
Size:	134562
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk.tmp
Category:	dropped
Dump:	Wordpad.lnk.tmp.0.dr
ID:	dr_256
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650601598200198
Encrypted:	false
Size:	68452
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp7.0.dr
ID:	dr_253
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.655865585834752
Encrypted:	false
Size:	135164
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp13.0.dr
ID:	dr_228
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6505390575779035
Encrypted:	false
Size:	69054
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk.exe.tmp
Category:	dropped
Dump:	Component Services.lnk.exe.tmp.0.dr
ID:	dr_829
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.637695200240213
Encrypted:	false
Size:	134452
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk.exe.tmp
Category:	dropped
Dump:	Computer Management.lnk.exe.tmp.0.dr
ID:	dr_831
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660914111981658
Encrypted:	false
Size:	134548
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.exe.tmp
Category:	dropped
Dump:	Disk Cleanup.lnk.exe.tmp.0.dr
ID:	dr_460
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.603211934548415
Encrypted:	false
Size:	134452
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.exe.tmp
Category:	dropped
Dump:	Event Viewer.lnk.exe.tmp.0.dr
ID:	dr_463
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.637412700220238
Encrypted:	false
Size:	134556
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.tmp
Category:	dropped
Dump:	Memory Diagnostics Tool.lnk.tmp.0.dr
ID:	dr_832
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.636680412781032
Encrypted:	false
Size:	68390
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.tmp
Category:	dropped
Dump:	ODBC Data Sources (32-bit).lnk.tmp.0.dr
ID:	dr_834
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650272391427828
Encrypted:	false
Size:	68390
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.tmp
Category:	dropped
Dump:	ODBC Data Sources (64-bit).lnk.tmp.0.dr
ID:	dr_836
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.609865557752059
Encrypted:	false
Size:	68390
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.exe.tmp
Category:	dropped
Dump:	Performance Monitor.lnk.exe.tmp.0.dr
ID:	dr_838
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.638042748536636
Encrypted:	false
Size:	134428
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk.exe.tmp
Category:	dropped
Dump:	Print Management.lnk.exe.tmp.0.dr
ID:	dr_469
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.661143453377905
Encrypted:	false
Size:	134490
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.exe.tmp
Category:	dropped
Dump:	RecoveryDrive.lnk.exe.tmp.0.dr
ID:	dr_472
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.661620615629337
Encrypted:	false
Size:	134488
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.exe.tmp
Category:	dropped
Dump:	Registry Editor.lnk.exe.tmp.0.dr
ID:	dr_475
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660826928494468
Encrypted:	false
Size:	134384
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.exe.tmp
Category:	dropped
Dump:	Resource Monitor.lnk.exe.tmp.0.dr
ID:	dr_478
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.637944029192302
Encrypted:	false
Size:	134436
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.tmp
Category:	dropped
Dump:	Security Configuration Management.lnk.tmp.0.dr
ID:	dr_840
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.646937708271938
Encrypted:	false
Size:	68354
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk.exe.tmp
Category:	dropped
Dump:	System Configuration.lnk.exe.tmp.0.dr
ID:	dr_842
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.651267930910053
Encrypted:	false
Size:	134452
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk.exe.tmp
Category:	dropped
Dump:	System Information.lnk.exe.tmp.0.dr
ID:	dr_844
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660964777925757
Encrypted:	false
Size:	134448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.exe.tmp
Category:	dropped
Dump:	Task Scheduler.lnk.exe.tmp.0.dr
ID:	dr_486
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.637645586937426
Encrypted:	false
Size:	134484
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp10.0.dr
ID:	dr_454
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.582916402584863
Encrypted:	false
Size:	137920
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk.exe.tmp
Category:	dropped
Dump:	dfrgui.lnk.exe.tmp.0.dr
ID:	dr_457
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.601644758182325
Encrypted:	false
Size:	134536
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.exe.tmp
Category:	dropped
Dump:	iSCSI Initiator.lnk.exe.tmp.0.dr
ID:	dr_466
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6375929371931415
Encrypted:	false
Size:	134508
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk.exe.tmp
Category:	dropped
Dump:	services.lnk.exe.tmp.0.dr
ID:	dr_481
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.602238517129943
Encrypted:	false
Size:	134536
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.exe.tmp
Category:	dropped
Dump:	Adobe Acrobat.lnk.exe.tmp0.0.dr
ID:	dr_261
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6697092122458015
Encrypted:	false
Size:	136366
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk.tmp
Category:	dropped
Dump:	Adobe Acrobat.lnk.tmp0.0.dr
ID:	dr_258
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.658995596176348
Encrypted:	false
Size:	70256
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.exe.tmp
Category:	dropped
Dump:	AutoIt Help File.lnk.exe.tmp.0.dr
ID:	dr_489
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656358015964086
Encrypted:	false
Size:	134374
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.exe.tmp
Category:	dropped
Dump:	AutoIt Window Info (x64).lnk.exe.tmp.0.dr
ID:	dr_493
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.651701992431231
Encrypted:	false
Size:	134428
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.exe.tmp
Category:	dropped
Dump:	AutoIt Window Info (x86).lnk.exe.tmp.0.dr
ID:	dr_497
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.654598077533384
Encrypted:	false
Size:	134384
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.exe.tmp
Category:	dropped
Dump:	Check For SQLite Updates.lnk.exe.tmp.0.dr
ID:	dr_502
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.673286537185887
Encrypted:	false
Size:	134712
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.exe.tmp
Category:	dropped
Dump:	Check For Updates.lnk.exe.tmp.0.dr
ID:	dr_506
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.653245200674399
Encrypted:	false
Size:	134688
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.exe.tmp
Category:	dropped
Dump:	Compile Script to .exe (x64).lnk.exe.tmp.0.dr
ID:	dr_846
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.667412816247127
Encrypted:	false
Size:	134680
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.exe.tmp
Category:	dropped
Dump:	Compile Script to .exe (x86).lnk.exe.tmp.0.dr
ID:	dr_848
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.672901962045887
Encrypted:	false
Size:	134636
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.exe.tmp
Category:	dropped
Dump:	Examples.lnk.exe.tmp.0.dr
ID:	dr_263
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.651408120110145
Encrypted:	false
Size:	134350
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk.tmp
Category:	dropped
Dump:	Examples.lnk.tmp.0.dr
ID:	dr_260
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.651364123773757
Encrypted:	false
Size:	68240
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.exe.tmp
Category:	dropped
Dump:	AutoIt v3 Website.lnk.exe.tmp.0.dr
ID:	dr_510
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.665613772880413
Encrypted:	false
Size:	134524
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.tmp
Category:	dropped
Dump:	AutoIt v3 Website.lnk.tmp.0.dr
ID:	dr_482
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6737855972718965
Encrypted:	false
Size:	68414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.exe.tmp
Category:	dropped
Dump:	AutoItX Help File.lnk.exe.tmp.0.dr
ID:	dr_851
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650889168002985
Encrypted:	false
Size:	134660
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.tmp
Category:	dropped
Dump:	AutoItX Help File.lnk.tmp.0.dr
ID:	dr_484
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649436357660945
Encrypted:	false
Size:	68550
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.exe.tmp
Category:	dropped
Dump:	Browse Extras.lnk.exe.tmp.0.dr
ID:	dr_514
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6725211259187835
Encrypted:	false
Size:	134362
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.tmp
Category:	dropped
Dump:	Browse Extras.lnk.tmp.0.dr
ID:	dr_491
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.683819285351362
Encrypted:	false
Size:	68252
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.exe.tmp
Category:	dropped
Dump:	Run Script (x64).lnk.exe.tmp.0.dr
ID:	dr_518
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.636896173981928
Encrypted:	false
Size:	134428
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.tmp
Category:	dropped
Dump:	Run Script (x64).lnk.tmp.0.dr
ID:	dr_495
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6234696363557575
Encrypted:	false
Size:	68318
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.exe.tmp
Category:	dropped
Dump:	Run Script (x86).lnk.exe.tmp.0.dr
ID:	dr_522
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6546906678840685
Encrypted:	false
Size:	134384
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.tmp
Category:	dropped
Dump:	Run Script (x86).lnk.tmp.0.dr
ID:	dr_500
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656243006808481
Encrypted:	false
Size:	68274
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.exe.tmp
Category:	dropped
Dump:	SciTE Script Editor.lnk.exe.tmp.0.dr
ID:	dr_526
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.673016054180615
Encrypted:	false
Size:	134580
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.tmp
Category:	dropped
Dump:	SciTE Script Editor.lnk.tmp.0.dr
ID:	dr_504
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.683025154820837
Encrypted:	false
Size:	68470
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.exe.tmp
Category:	dropped
Dump:	Excel.lnk.exe.tmp.0.dr
ID:	dr_264
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.631858074993484
Encrypted:	false
Size:	137130
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk.tmp
Category:	dropped
Dump:	Excel.lnk.tmp.0.dr
ID:	dr_29
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.604515609083181
Encrypted:	false
Size:	71020
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.exe.tmp
Category:	dropped
Dump:	Firefox Private Browsing.lnk.exe.tmp.0.dr
ID:	dr_508
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.629999789342061
Encrypted:	false
Size:	136296
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk.tmp
Category:	dropped
Dump:	Firefox Private Browsing.lnk.tmp.0.dr
ID:	dr_266
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.601911089127946
Encrypted:	false
Size:	70186
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.exe.tmp
Category:	dropped
Dump:	Firefox.lnk.exe.tmp0.0.dr
ID:	dr_268
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6509963240939225
Encrypted:	false
Size:	134230
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk.tmp
Category:	dropped
Dump:	Firefox.lnk.tmp0.0.dr
ID:	dr_30
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6503204719929085
Encrypted:	false
Size:	68120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.exe.tmp
Category:	dropped
Dump:	Google Chrome.lnk.exe.tmp0.0.dr
ID:	dr_265
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.637273533053073
Encrypted:	false
Size:	136948
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk.tmp
Category:	dropped
Dump:	Google Chrome.lnk.tmp0.0.dr
ID:	dr_270
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.608105524012243
Encrypted:	false
Size:	70838
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk.tmp
Category:	dropped
Dump:	Immersive Control Panel.lnk.tmp1.0.dr
ID:	dr_951
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.624911660798604
Encrypted:	false
Size:	70808
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.exe.tmp
Category:	dropped
Dump:	About Java.lnk.exe.tmp.0.dr
ID:	dr_267
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.641322283757168
Encrypted:	false
Size:	136406
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk.tmp
Category:	dropped
Dump:	About Java.lnk.tmp.0.dr
ID:	dr_55
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.617341782882422
Encrypted:	false
Size:	70296
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.exe.tmp
Category:	dropped
Dump:	Check For Updates.lnk.exe.tmp0.0.dr
ID:	dr_512
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.667916525821261
Encrypted:	false
Size:	136442
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk.tmp
Category:	dropped
Dump:	Check For Updates.lnk.tmp.0.dr
ID:	dr_57
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.653200754173754
Encrypted:	false
Size:	70332
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.exe.tmp
Category:	dropped
Dump:	Configure Java.lnk.exe.tmp.0.dr
ID:	dr_269
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6417774501321505
Encrypted:	false
Size:	136358
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk.tmp
Category:	dropped
Dump:	Configure Java.lnk.tmp.0.dr
ID:	dr_59
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.618329405922478
Encrypted:	false
Size:	70248
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.exe.tmp
Category:	dropped
Dump:	Get Help.url.exe.tmp.0.dr
ID:	dr_52
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65120532290497
Encrypted:	false
Size:	132586
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.tmp
Category:	dropped
Dump:	Get Help.url.tmp.0.dr
ID:	dr_61
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6528388749883405
Encrypted:	false
Size:	66476
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.exe.tmp
Category:	dropped
Dump:	Visit Java.com.url.exe.tmp.0.dr
ID:	dr_54
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65122943994986
Encrypted:	false
Size:	132578
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url.tmp
Category:	dropped
Dump:	Visit Java.com.url.tmp.0.dr
ID:	dr_62
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.652841786443995
Encrypted:	false
Size:	66468
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.exe.tmp
Category:	dropped
Dump:	Desktop.ini.exe.tmp.0.dr
ID:	dr_56
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.650814077723079
Encrypted:	false
Size:	132560
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.tmp
Category:	dropped
Dump:	Desktop.ini.tmp.0.dr
ID:	dr_64
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65226954976562
Encrypted:	false
Size:	66450
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.exe.tmp
Category:	dropped
Dump:	Microsoft Edge.lnk.exe.tmp.0.dr
ID:	dr_58
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.666893373087089
Encrypted:	false
Size:	137096
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk.tmp
Category:	dropped
Dump:	Microsoft Edge.lnk.tmp.0.dr
ID:	dr_65
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.647911658595186
Encrypted:	false
Size:	70986
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.exe.tmp
Category:	dropped
Dump:	Database Compare.lnk.exe.tmp.0.dr
ID:	dr_852
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.642810722907063
Encrypted:	false
Size:	137438
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.tmp
Category:	dropped
Dump:	Database Compare.lnk.tmp.0.dr
ID:	dr_516
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.618807708857447
Encrypted:	false
Size:	71328
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.tmp
Category:	dropped
Dump:	Office Language Preferences.lnk.tmp.0.dr
ID:	dr_854
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.622441399393412
Encrypted:	false
Size:	71062
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.tmp
Category:	dropped
Dump:	Skype for Business Recording Manager.lnk.tmp.0.dr
ID:	dr_856
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.646934078087204
Encrypted:	false
Size:	71112
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.exe.tmp
Category:	dropped
Dump:	Spreadsheet Compare.lnk.exe.tmp.0.dr
ID:	dr_858
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.637062734149834
Encrypted:	false
Size:	137462
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.tmp
Category:	dropped
Dump:	Spreadsheet Compare.lnk.tmp.0.dr
ID:	dr_520
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.610048336068531
Encrypted:	false
Size:	71352
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.tmp
Category:	dropped
Dump:	Telemetry Log for Office.lnk.tmp.0.dr
ID:	dr_860
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.540069795274333
Encrypted:	false
Size:	71346
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.exe.tmp
Category:	dropped
Dump:	OneNote.lnk.exe.tmp.0.dr
ID:	dr_67
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.671287013154418
Encrypted:	false
Size:	137090
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk.tmp
Category:	dropped
Dump:	OneNote.lnk.tmp.0.dr
ID:	dr_31
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659706897174122
Encrypted:	false
Size:	70980
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.exe.tmp
Category:	dropped
Dump:	Outlook.lnk.exe.tmp.0.dr
ID:	dr_68
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.670354818307944
Encrypted:	false
Size:	137118
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk.tmp
Category:	dropped
Dump:	Outlook.lnk.tmp.0.dr
ID:	dr_32
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659304863142861
Encrypted:	false
Size:	71008
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.exe.tmp
Category:	dropped
Dump:	PowerPoint.lnk.exe.tmp.0.dr
ID:	dr_60
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.638276745520169
Encrypted:	false
Size:	137204
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk.tmp
Category:	dropped
Dump:	PowerPoint.lnk.tmp.0.dr
ID:	dr_70
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.61368762379639
Encrypted:	false
Size:	71094
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.exe.tmp
Category:	dropped
Dump:	Publisher.lnk.exe.tmp.0.dr
ID:	dr_63
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.63853901183449
Encrypted:	false
Size:	137106
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk.tmp
Category:	dropped
Dump:	Publisher.lnk.tmp.0.dr
ID:	dr_71
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.614640823429369
Encrypted:	false
Size:	70996
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.exe.tmp
Category:	dropped
Dump:	Skype for Business.lnk.exe.tmp.0.dr
ID:	dr_66
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.669994610880494
Encrypted:	false
Size:	137216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk.tmp
Category:	dropped
Dump:	Skype for Business.lnk.tmp.0.dr
ID:	dr_73
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656191701307317
Encrypted:	false
Size:	71106
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp3.0.dr
ID:	dr_69
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6535459135227
Encrypted:	false
Size:	132568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the startup folder	Boot Survival	Registry Run Keys / Startup Folder
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp10.0.dr
ID:	dr_74
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656658630887608
Encrypted:	false
Size:	66458
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the startup folder	Boot Survival	Registry Run Keys / Startup Folder
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.exe.tmp
Category:	dropped
Dump:	Task Manager.lnk.exe.tmp.0.dr
ID:	dr_523
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65088932534294
Encrypted:	false
Size:	134460
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk.tmp
Category:	dropped
Dump:	Task Manager.lnk.tmp.0.dr
ID:	dr_78
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.636840477692739
Encrypted:	false
Size:	68350
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp4.0.dr
ID:	dr_72
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6414640414399475
Encrypted:	false
Size:	132896
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp11.0.dr
ID:	dr_76
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.633957232774569
Encrypted:	false
Size:	66786
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.tmp
Category:	dropped
Dump:	Windows PowerShell ISE (x86).lnk.tmp.0.dr
ID:	dr_862
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.652085615567027
Encrypted:	false
Size:	68692
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe.tmp
Category:	dropped
Dump:	Windows PowerShell ISE.lnk.exe.tmp.0.dr
ID:	dr_864
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6336537783335885
Encrypted:	false
Size:	134802
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.tmp
Category:	dropped
Dump:	Windows PowerShell ISE.lnk.tmp.0.dr
ID:	dr_529
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.609925544634655
Encrypted:	false
Size:	68692
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp11.0.dr
ID:	dr_528
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6503726281137165
Encrypted:	false
Size:	132656
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp14.0.dr
ID:	dr_525
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.651442458155319
Encrypted:	false
Size:	66546
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.exe.tmp
Category:	dropped
Dump:	Word.lnk.exe.tmp.0.dr
ID:	dr_80
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.598785200602034
Encrypted:	false
Size:	137206
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk.tmp
Category:	dropped
Dump:	Word.lnk.tmp.0.dr
ID:	dr_33
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.547964018876305
Encrypted:	false
Size:	71096
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp8.0.dr
ID:	dr_262
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6575314520961815
Encrypted:	false
Size:	133020
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp8.0.dr
ID:	dr_28
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.661577059232769
Encrypted:	false
Size:	66910
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp6.0.dr
ID:	dr_208
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.652802225710775
Encrypted:	false
Size:	132568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp2.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6559533055730125
Encrypted:	false
Size:	66458
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Microsoft\Windows\wfp\wfpdiag.etl.tmp
Category:	dropped
Dump:	wfpdiag.etl.tmp.0.dr
ID:	dr_209
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	5.377110938137905
Encrypted:	false
Size:	98878
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB.tmp
Category:	dropped
Dump:	UpdateLock-308046B0AF4A39CB.tmp.0.dr
ID:	dr_824
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649763137343155
Encrypted:	false
Size:	66110
Whitelisted:	false

Details

File:	C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.tmp
Category:	dropped
Dump:	VC_redist.x64.exe.tmp.0.dr
ID:	dr_826
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	7.268650817635375
Encrypted:	false
Size:	716702
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.exe.tmp
Category:	dropped
Dump:	state.rsm.exe.tmp.0.dr
ID:	dr_825
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.660439634097478
Encrypted:	false
Size:	133980
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.tmp
Category:	dropped
Dump:	state.rsm.tmp.0.dr
ID:	dr_171
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.657441087176727
Encrypted:	false
Size:	67870
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\TightVNC\tvnserver.log.tmp
Category:	dropped
Dump:	tvnserver.log.tmp2.0.dr
ID:	dr_952
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.592818353938007
Encrypted:	false
Size:	71558
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.0884f9b2-b6ec-4b87-899f-510361add0dc.1.etl.tmp.0.dr
ID:	dr_866
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.486576412730998
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.tmp.0.dr
ID:	dr_868
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.299137312937535
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.21a55447-0332-4ea2-8e22-8ddd09981184.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.21a55447-0332-4ea2-8e22-8ddd09981184.1.etl.tmp.0.dr
ID:	dr_871
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.490578840051775
Encrypted:	false
Size:	74302
Whitelisted:	false

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.38fad0bf-4730-4bc4-be22-5277e88811cd.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.38fad0bf-4730-4bc4-be22-5277e88811cd.1.etl.tmp.0.dr
ID:	dr_872
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4330374545954765
Encrypted:	false
Size:	74302
Whitelisted:	false

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.480bc3f4-4991-4ffc-b70d-c15db82e9d6a.1.etl.tmp.0.dr
ID:	dr_874
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.490589966252707
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.a686e598-6877-4264-9711-989651a302f7.1.etl.tmp.0.dr
ID:	dr_876
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.476591906987948
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.tmp.0.dr
ID:	dr_878
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.482180453428936
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.c6e0f9e8-f670-49c4-974e-9d40568a1011.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.c6e0f9e8-f670-49c4-974e-9d40568a1011.1.etl.tmp.0.dr
ID:	dr_880
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.4755265458565665
Encrypted:	false
Size:	74302
Whitelisted:	false

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.tmp.0.dr
ID:	dr_882
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.298488300509966
Encrypted:	false
Size:	74302
Whitelisted:	false

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.tmp.0.dr
ID:	dr_884
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.2988480846935495
Encrypted:	false
Size:	74302
Whitelisted:	false

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.f3f7cc8e-795b-4925-9b8c-26e2ea300f41.1.etl.tmp.0.dr
ID:	dr_886
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.490309395777122
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.tmp.0.dr
ID:	dr_888
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.298889997327128
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp
Category:	dropped
Dump:	NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.tmp.0.dr
ID:	dr_891
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.476847828903141
Encrypted:	false
Size:	74302
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\USOShared\Logs\User\UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.tmp
Category:	dropped
Dump:	UpdateUx.475a5b13-420d-4358-9fdb-c77913ec90af.1.etl.tmp.0.dr
ID:	dr_892
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.358544934814334
Encrypted:	false
Size:	111166
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\ProgramData\_curlrc.tmp
Category:	dropped
Dump:	_curlrc.tmp.0.dr
ID:	dr_24
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.649477980930323
Encrypted:	false
Size:	66126
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.tmp
Category:	dropped
Dump:	regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.tmp.0.dr
ID:	dr_827
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.661376582563039
Encrypted:	false
Size:	68108
Whitelisted:	false

Details

File:	C:\Users\Public\Desktop\Adobe Acrobat.lnk.exe.tmp
Category:	dropped
Dump:	Adobe Acrobat.lnk.exe.tmp.0.dr
ID:	dr_35
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.63928643285872
Encrypted:	false
Size:	136342
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Desktop\Adobe Acrobat.lnk.tmp
Category:	dropped
Dump:	Adobe Acrobat.lnk.tmp.0.dr
ID:	dr_25
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.618304346111891
Encrypted:	false
Size:	70232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Desktop\Firefox.lnk.exe.tmp
Category:	dropped
Dump:	Firefox.lnk.exe.tmp.0.dr
ID:	dr_37
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.654068526824798
Encrypted:	false
Size:	134206
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Desktop\Firefox.lnk.tmp
Category:	dropped
Dump:	Firefox.lnk.tmp.0.dr
ID:	dr_27
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.656181878535561
Encrypted:	false
Size:	68096
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Desktop\Google Chrome.lnk.exe.tmp
Category:	dropped
Dump:	Google Chrome.lnk.exe.tmp.0.dr
ID:	dr_38
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.636427590868708
Encrypted:	false
Size:	136924
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Desktop\Google Chrome.lnk.tmp
Category:	dropped
Dump:	Google Chrome.lnk.tmp.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.607337370549208
Encrypted:	false
Size:	70814
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Desktop\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp.0.dr
ID:	dr_36
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.644842162769746
Encrypted:	false
Size:	132568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Desktop\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp7.0.dr
ID:	dr_26
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64107572247372
Encrypted:	false
Size:	66458
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Documents\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp0.0.dr
ID:	dr_39
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.648106940617158
Encrypted:	false
Size:	132776
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Documents\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.64731462506087
Encrypted:	false
Size:	66666
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Music\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp1.0.dr
ID:	dr_40
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.65562742566642
Encrypted:	false
Size:	132980
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Music\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp0.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659621569332366
Encrypted:	false
Size:	66870
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\Public\Pictures\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp5.0.dr
ID:	dr_82
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6557202135543205
Encrypted:	false
Size:	132980
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Pictures\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp9.0.dr
ID:	dr_41
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.6595795762289125
Encrypted:	false
Size:	66870
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Videos\desktop.ini.exe.tmp
Category:	dropped
Dump:	desktop.ini.exe.tmp2.0.dr
ID:	dr_42
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.655609807735868
Encrypted:	false
Size:	132980
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\Public\Videos\desktop.ini.tmp
Category:	dropped
Dump:	desktop.ini.tmp1.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Users\user\Desktop\mal2.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy:	6.659587442497482
Encrypted:	false
Size:	66870
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mal2

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmal2

Files

IOC Report
mal2