Harmony Endpoint Forensics Analysis: Tree Timeline View

Creates (241\241) Renames (0\0) Deletes (2\2) Writes (193\193) Reads (14\36) Loads Image (62\62)

Show entries

Search:

File Name	File Path	File Size (bytes)	Time
nsm72da.tmp	c:\users\ieuser\appdata\local\temp\nsm72da.tmp	0	8/2/2024, 7:20:13 AM
nsm72db.tmp	c:\users\ieuser\appdata\local\temp\nsm72db.tmp	0	8/2/2024, 7:20:13 AM
nsm72db.tmp	c:\users\ieuser\appdata\local\temp\nsm72db.tmp	0	8/2/2024, 7:20:13 AM
system.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\system.dll	12288	8/2/2024, 7:20:13 AM
2k4lpey89rbnqfw0cpbjnwkthvq	c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	0	8/2/2024, 7:20:14 AM
app-64.7z	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\app-64.7z	86914949	8/2/2024, 7:20:14 AM
7z-out	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	0	8/2/2024, 7:20:15 AM
nsis7z.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\nsis7z.dll	434176	8/2/2024, 7:20:15 AM
locales	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales	0	8/2/2024, 7:20:15 AM
node_modules	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules	0	8/2/2024, 7:20:15 AM
koffi	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi	0	8/2/2024, 7:20:15 AM
build	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build	0	8/2/2024, 7:20:15 AM
koffi	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi	0	8/2/2024, 7:20:15 AM
darwin_arm64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\darwin_arm64	0	8/2/2024, 7:20:15 AM
darwin_x64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\darwin_x64	0	8/2/2024, 7:20:15 AM
freebsd_arm64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_arm64	0	8/2/2024, 7:20:15 AM
freebsd_ia32	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_ia32	0	8/2/2024, 7:20:15 AM
freebsd_x64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_x64	0	8/2/2024, 7:20:15 AM
linux_arm64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_arm64	0	8/2/2024, 7:20:15 AM
linux_armhf	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_armhf	0	8/2/2024, 7:20:15 AM
linux_ia32	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_ia32	0	8/2/2024, 7:20:15 AM
linux_riscv64d	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_riscv64d	0	8/2/2024, 7:20:15 AM
linux_x64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_x64	0	8/2/2024, 7:20:15 AM
openbsd_ia32	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\openbsd_ia32	0	8/2/2024, 7:20:15 AM
openbsd_x64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\openbsd_x64	0	8/2/2024, 7:20:15 AM
win32_arm64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64	0	8/2/2024, 7:20:15 AM
win32_ia32	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32	0	8/2/2024, 7:20:15 AM
win32_x64	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64	0	8/2/2024, 7:20:15 AM
resources	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\resources	0	8/2/2024, 7:20:15 AM
chrome_100_percent.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\chrome_100_percent.pak	151856	8/2/2024, 7:20:21 AM
chrome_200_percent.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\chrome_200_percent.pak	228784	8/2/2024, 7:20:21 AM
icudtl.dat	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\icudtl.dat	10468208	8/2/2024, 7:20:21 AM
license.electron.txt	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\license.electron.txt	1096	8/2/2024, 7:20:21 AM
licenses.chromium.html	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\licenses.chromium.html	9453630	8/2/2024, 7:20:21 AM
af.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\af.pak	506356	8/2/2024, 7:20:21 AM
am.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\am.pak	818902	8/2/2024, 7:20:21 AM
ar.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ar.pak	895310	8/2/2024, 7:20:21 AM
bg.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\bg.pak	935663	8/2/2024, 7:20:21 AM
bn.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\bn.pak	1205172	8/2/2024, 7:20:21 AM
ca.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ca.pak	569406	8/2/2024, 7:20:21 AM
cs.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\cs.pak	585751	8/2/2024, 7:20:21 AM
da.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\da.pak	530871	8/2/2024, 7:20:21 AM
de.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\de.pak	566516	8/2/2024, 7:20:21 AM
el.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\el.pak	1026214	8/2/2024, 7:20:21 AM
en-gb.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\en-gb.pak	461229	8/2/2024, 7:20:21 AM
en-us.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\en-us.pak	464974	8/2/2024, 7:20:21 AM
es-419.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\es-419.pak	560448	8/2/2024, 7:20:21 AM
es.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\es.pak	560253	8/2/2024, 7:20:21 AM
et.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\et.pak	509761	8/2/2024, 7:20:21 AM
fa.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fa.pak	833293	8/2/2024, 7:20:21 AM
fi.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fi.pak	520334	8/2/2024, 7:20:21 AM
fil.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fil.pak	587316	8/2/2024, 7:20:21 AM
fr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fr.pak	605474	8/2/2024, 7:20:21 AM
gu.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\gu.pak	1185869	8/2/2024, 7:20:21 AM
he.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\he.pak	730564	8/2/2024, 7:20:21 AM
hi.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\hi.pak	1250569	8/2/2024, 7:20:21 AM
hr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\hr.pak	564848	8/2/2024, 7:20:21 AM
hu.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\hu.pak	609356	8/2/2024, 7:20:21 AM
id.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\id.pak	502641	8/2/2024, 7:20:21 AM
it.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\it.pak	552524	8/2/2024, 7:20:21 AM
ja.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ja.pak	675334	8/2/2024, 7:20:21 AM
kn.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\kn.pak	1357072	8/2/2024, 7:20:21 AM
ko.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ko.pak	570460	8/2/2024, 7:20:21 AM
lt.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\lt.pak	611793	8/2/2024, 7:20:21 AM
lv.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\lv.pak	611059	8/2/2024, 7:20:21 AM
lv.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\lv.pak	611059	8/2/2024, 7:20:21 AM
ml.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ml.pak	1413072	8/2/2024, 7:20:22 AM
mr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\mr.pak	1163258	8/2/2024, 7:20:22 AM
ms.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ms.pak	527328	8/2/2024, 7:20:22 AM
nb.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\nb.pak	511244	8/2/2024, 7:20:22 AM
nl.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\nl.pak	528498	8/2/2024, 7:20:22 AM
pl.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\pl.pak	588233	8/2/2024, 7:20:22 AM
pt-br.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\pt-br.pak	553077	8/2/2024, 7:20:22 AM
pt-pt.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\pt-pt.pak	556968	8/2/2024, 7:20:22 AM
ro.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ro.pak	576470	8/2/2024, 7:20:22 AM
ru.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ru.pak	946445	8/2/2024, 7:20:22 AM
sk.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sk.pak	594641	8/2/2024, 7:20:22 AM
sl.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sl.pak	570310	8/2/2024, 7:20:22 AM
sr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sr.pak	879894	8/2/2024, 7:20:22 AM
sv.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sv.pak	513761	8/2/2024, 7:20:22 AM
sw.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sw.pak	541714	8/2/2024, 7:20:22 AM
ta.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ta.pak	1404121	8/2/2024, 7:20:22 AM
te.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\te.pak	1295502	8/2/2024, 7:20:22 AM
th.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\th.pak	1088236	8/2/2024, 7:20:22 AM
tr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\tr.pak	552876	8/2/2024, 7:20:22 AM
uk.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\uk.pak	946065	8/2/2024, 7:20:22 AM
ur.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ur.pak	828391	8/2/2024, 7:20:22 AM
vi.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\vi.pak	655225	8/2/2024, 7:20:22 AM
zh-cn.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\zh-cn.pak	471962	8/2/2024, 7:20:22 AM
zh-tw.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\zh-tw.pak	466903	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\darwin_arm64\koffi.node	3831495	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\darwin_x64\koffi.node	4124928	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_arm64\koffi.node	4990944	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_ia32\koffi.node	4180724	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_x64\koffi.node	5446192	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_arm64\koffi.node	4822104	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_armhf\koffi.node	3671900	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_ia32\koffi.node	4134680	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_riscv64d\koffi.node	3478544	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_x64\koffi.node	5369560	8/2/2024, 7:20:22 AM

Showing 1 to 100 of 241 entries

Previous1 2 3Next

Renamed Name	Renamed File Path	Source Name	Source File Path	Time
No data available in table

Show entries

Search:

File Name	File Path	File Size (bytes)	Time
system.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\system.dll	12288	8/2/2024, 7:20:13 AM
app-64.7z	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\app-64.7z	86914949	8/2/2024, 7:20:14 AM
nsis7z.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\nsis7z.dll	434176	8/2/2024, 7:20:15 AM
chrome_100_percent.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\chrome_100_percent.pak	151856	8/2/2024, 7:20:21 AM
chrome_200_percent.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\chrome_200_percent.pak	228784	8/2/2024, 7:20:21 AM
icudtl.dat	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\icudtl.dat	10468208	8/2/2024, 7:20:21 AM
license.electron.txt	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\license.electron.txt	1096	8/2/2024, 7:20:21 AM
licenses.chromium.html	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\licenses.chromium.html	9453630	8/2/2024, 7:20:21 AM
af.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\af.pak	506356	8/2/2024, 7:20:21 AM
am.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\am.pak	818902	8/2/2024, 7:20:21 AM
ar.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ar.pak	895310	8/2/2024, 7:20:21 AM
bg.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\bg.pak	935663	8/2/2024, 7:20:21 AM
bn.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\bn.pak	1205172	8/2/2024, 7:20:21 AM
ca.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ca.pak	569406	8/2/2024, 7:20:21 AM
cs.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\cs.pak	585751	8/2/2024, 7:20:21 AM
da.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\da.pak	530871	8/2/2024, 7:20:21 AM
de.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\de.pak	566516	8/2/2024, 7:20:21 AM
el.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\el.pak	1026214	8/2/2024, 7:20:21 AM
en-gb.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\en-gb.pak	461229	8/2/2024, 7:20:21 AM
en-us.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\en-us.pak	464974	8/2/2024, 7:20:21 AM
es-419.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\es-419.pak	560448	8/2/2024, 7:20:21 AM
es.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\es.pak	560253	8/2/2024, 7:20:21 AM
et.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\et.pak	509761	8/2/2024, 7:20:21 AM
fa.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fa.pak	833293	8/2/2024, 7:20:21 AM
fi.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fi.pak	520334	8/2/2024, 7:20:21 AM
fil.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fil.pak	587316	8/2/2024, 7:20:21 AM
fr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\fr.pak	605474	8/2/2024, 7:20:21 AM
gu.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\gu.pak	1185869	8/2/2024, 7:20:21 AM
he.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\he.pak	730564	8/2/2024, 7:20:21 AM
hi.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\hi.pak	1250569	8/2/2024, 7:20:21 AM
hr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\hr.pak	564848	8/2/2024, 7:20:21 AM
hu.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\hu.pak	609356	8/2/2024, 7:20:21 AM
id.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\id.pak	502641	8/2/2024, 7:20:21 AM
it.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\it.pak	552524	8/2/2024, 7:20:21 AM
ja.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ja.pak	675334	8/2/2024, 7:20:21 AM
kn.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\kn.pak	1357072	8/2/2024, 7:20:21 AM
ko.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ko.pak	570460	8/2/2024, 7:20:21 AM
lt.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\lt.pak	611793	8/2/2024, 7:20:21 AM
lv.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\lv.pak	611059	8/2/2024, 7:20:21 AM
ml.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ml.pak	1413072	8/2/2024, 7:20:22 AM
mr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\mr.pak	1163258	8/2/2024, 7:20:22 AM
ms.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ms.pak	527328	8/2/2024, 7:20:22 AM
nb.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\nb.pak	511244	8/2/2024, 7:20:22 AM
nl.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\nl.pak	528498	8/2/2024, 7:20:22 AM
pl.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\pl.pak	588233	8/2/2024, 7:20:22 AM
pt-br.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\pt-br.pak	553077	8/2/2024, 7:20:22 AM
pt-pt.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\pt-pt.pak	556968	8/2/2024, 7:20:22 AM
ro.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ro.pak	576470	8/2/2024, 7:20:22 AM
ru.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ru.pak	946445	8/2/2024, 7:20:22 AM
sk.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sk.pak	594641	8/2/2024, 7:20:22 AM
sl.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sl.pak	570310	8/2/2024, 7:20:22 AM
sr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sr.pak	879894	8/2/2024, 7:20:22 AM
sv.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sv.pak	513761	8/2/2024, 7:20:22 AM
sw.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\sw.pak	541714	8/2/2024, 7:20:22 AM
ta.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ta.pak	1404121	8/2/2024, 7:20:22 AM
te.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\te.pak	1295502	8/2/2024, 7:20:22 AM
th.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\th.pak	1088236	8/2/2024, 7:20:22 AM
tr.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\tr.pak	552876	8/2/2024, 7:20:22 AM
uk.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\uk.pak	946065	8/2/2024, 7:20:22 AM
ur.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\ur.pak	828391	8/2/2024, 7:20:22 AM
vi.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\vi.pak	655225	8/2/2024, 7:20:22 AM
zh-cn.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\zh-cn.pak	471962	8/2/2024, 7:20:22 AM
zh-tw.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\locales\zh-tw.pak	466903	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\darwin_arm64\koffi.node	3831495	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\darwin_x64\koffi.node	4124928	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_arm64\koffi.node	4990944	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_ia32\koffi.node	4180724	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\freebsd_x64\koffi.node	5446192	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_arm64\koffi.node	4822104	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_armhf\koffi.node	3671900	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_ia32\koffi.node	4134680	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_riscv64d\koffi.node	3478544	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\linux_x64\koffi.node	5369560	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\openbsd_ia32\koffi.node	4246036	8/2/2024, 7:20:22 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\openbsd_x64\koffi.node	5450696	8/2/2024, 7:20:22 AM
koffi.exp	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.exp	994	8/2/2024, 7:20:23 AM
koffi.lib	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.lib	2054	8/2/2024, 7:20:23 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.node	1925120	8/2/2024, 7:20:23 AM
koffi.exp	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.exp	992	8/2/2024, 7:20:23 AM
koffi.lib	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.lib	2056	8/2/2024, 7:20:23 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.node	1667072	8/2/2024, 7:20:23 AM
koffi.exp	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.exp	983	8/2/2024, 7:20:23 AM
koffi.lib	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.lib	2054	8/2/2024, 7:20:23 AM
koffi.node	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.node	2335232	8/2/2024, 7:20:23 AM
app.asar	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\resources\app.asar	101322126	8/2/2024, 7:20:23 AM
resources.pak	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\resources.pak	5547928	8/2/2024, 7:20:25 AM
snapshot_blob.bin	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\snapshot_blob.bin	310242	8/2/2024, 7:20:26 AM
v8_context_snapshot.bin	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\v8_context_snapshot.bin	662053	8/2/2024, 7:20:26 AM
vk_swiftshader_icd.json	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\vk_swiftshader_icd.json	106	8/2/2024, 7:20:26 AM
d3dcompiler_47.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\d3dcompiler_47.dll	4916728	8/2/2024, 7:20:30 AM
ffmpeg.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\ffmpeg.dll	2682880	8/2/2024, 7:20:30 AM
kyrazongame-ns.exe.exe	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\kyrazongame-ns.exe.exe	58720256	8/2/2024, 7:20:30 AM
libegl.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\libegl.dll	481280	8/2/2024, 7:20:32 AM
libglesv2.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\libglesv2.dll	8049152	8/2/2024, 7:20:32 AM
elevate.exe	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\resources\elevate.exe	107520	8/2/2024, 7:20:32 AM
vk_swiftshader.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\vk_swiftshader.dll	5475328	8/2/2024, 7:20:32 AM
vulkan-1.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\vulkan-1.dll	961024	8/2/2024, 7:20:33 AM
chrome_100_percent.pak	c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\chrome_100_percent.pak	151856	8/2/2024, 7:20:33 AM
chrome_200_percent.pak	c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\chrome_200_percent.pak	228784	8/2/2024, 7:20:33 AM
d3dcompiler_47.dll	c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\d3dcompiler_47.dll	4916728	8/2/2024, 7:20:33 AM

Showing 1 to 100 of 193 entries

Previous1 2Next

Show entries

Search:

File Name	File Path	Signer	File Size (bytes)	Time
ntdll.dll	c:\windows\system32\ntdll.dll	Microsoft Windows	2019328	8/2/2024, 7:20:13 AM
ntdll.dll	c:\windows\syswow64\ntdll.dll	Microsoft Windows	1687552	8/2/2024, 7:20:13 AM
wow64.dll	c:\windows\system32\wow64.dll	Microsoft Windows	339968	8/2/2024, 7:20:13 AM
wow64win.dll	c:\windows\system32\wow64win.dll	Microsoft Windows	507904	8/2/2024, 7:20:13 AM
wow64cpu.dll	c:\windows\system32\wow64cpu.dll	Microsoft Windows	36864	8/2/2024, 7:20:13 AM
kernel32.dll	c:\windows\syswow64\kernel32.dll	Microsoft Windows	917504	8/2/2024, 7:20:13 AM
kernelbase.dll	c:\windows\syswow64\kernelbase.dll	Microsoft Windows	2072576	8/2/2024, 7:20:13 AM
sba_iswwh.dll	c:\program files (x86)\checkpoint\endpoint security\efr\wow64\sba_iswwh.dll	Check Point Software Technologies Ltd.	270336	8/2/2024, 7:20:13 AM
sba_iswwh.dll	c:\program files (x86)\checkpoint\endpoint security\efr\sba_iswwh.dll	Check Point Software Technologies Ltd.	339968	8/2/2024, 7:20:13 AM
cphnt64w.dll	c:\program files (x86)\checkpoint\endpoint security\efr\cphnt64w.dll	Check Point Software Technologies Ltd.	339968	8/2/2024, 7:20:13 AM
cphnt32.dll	c:\program files (x86)\checkpoint\endpoint security\efr\cphnt32.dll	Check Point Software Technologies Ltd.	290816	8/2/2024, 7:20:13 AM
user32.dll	c:\windows\syswow64\user32.dll	Microsoft Windows	1675264	8/2/2024, 7:20:13 AM
win32u.dll	c:\windows\syswow64\win32u.dll	Microsoft Windows	94208	8/2/2024, 7:20:13 AM
gdi32.dll	c:\windows\syswow64\gdi32.dll	Microsoft Windows	143360	8/2/2024, 7:20:13 AM
gdi32full.dll	c:\windows\syswow64\gdi32full.dll	Microsoft Windows	1470464	8/2/2024, 7:20:13 AM
msvcp_win.dll	c:\windows\syswow64\msvcp_win.dll	Microsoft Windows	524288	8/2/2024, 7:20:13 AM
ucrtbase.dll	c:\windows\syswow64\ucrtbase.dll	Microsoft Windows	1187840	8/2/2024, 7:20:13 AM
shell32.dll	c:\windows\syswow64\shell32.dll	Microsoft Windows	5562368	8/2/2024, 7:20:13 AM
msvcrt.dll	c:\windows\syswow64\msvcrt.dll	Microsoft Windows	786432	8/2/2024, 7:20:13 AM
cfgmgr32.dll	c:\windows\syswow64\cfgmgr32.dll	Microsoft Windows	241664	8/2/2024, 7:20:13 AM
shcore.dll	c:\windows\syswow64\shcore.dll	Microsoft Windows	561152	8/2/2024, 7:20:13 AM
rpcrt4.dll	c:\windows\syswow64\rpcrt4.dll	Microsoft Windows	782336	8/2/2024, 7:20:13 AM
sspicli.dll	c:\windows\syswow64\sspicli.dll	Microsoft Windows	131072	8/2/2024, 7:20:13 AM
cryptbase.dll	c:\windows\syswow64\cryptbase.dll	Microsoft Windows	40960	8/2/2024, 7:20:13 AM
bcryptprimitives.dll	c:\windows\syswow64\bcryptprimitives.dll	Microsoft Windows	401408	8/2/2024, 7:20:13 AM
sechost.dll	c:\windows\syswow64\sechost.dll	Microsoft Windows	495616	8/2/2024, 7:20:13 AM
combase.dll	c:\windows\syswow64\combase.dll	Microsoft Windows	2588672	8/2/2024, 7:20:13 AM
windows.storage.dll	c:\windows\syswow64\windows.storage.dll	Microsoft Windows	6275072	8/2/2024, 7:20:13 AM
advapi32.dll	c:\windows\syswow64\advapi32.dll	Microsoft Windows	516096	8/2/2024, 7:20:13 AM
profapi.dll	c:\windows\syswow64\profapi.dll	Microsoft Windows	114688	8/2/2024, 7:20:13 AM
powrprof.dll	c:\windows\syswow64\powrprof.dll	Microsoft Windows	344064	8/2/2024, 7:20:13 AM
shlwapi.dll	c:\windows\syswow64\shlwapi.dll	Microsoft Windows	278528	8/2/2024, 7:20:13 AM
kernel.appcore.dll	c:\windows\syswow64\kernel.appcore.dll	Microsoft Windows	61440	8/2/2024, 7:20:13 AM
cryptsp.dll	c:\windows\syswow64\cryptsp.dll	Microsoft Windows	73728	8/2/2024, 7:20:13 AM
ole32.dll	c:\windows\syswow64\ole32.dll	Microsoft Windows	1032192	8/2/2024, 7:20:13 AM
comctl32.dll	c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.379_none_5892bf0378a97e8e\comctl32.dll	Microsoft Windows	581632	8/2/2024, 7:20:13 AM
imm32.dll	c:\windows\syswow64\imm32.dll	Microsoft Windows	151552	8/2/2024, 7:20:13 AM
cphusr32.dll	c:\program files (x86)\checkpoint\endpoint security\efr\cphusr32.dll	Check Point Software Technologies Ltd.	122880	8/2/2024, 7:20:13 AM
uxtheme.dll	c:\windows\syswow64\uxtheme.dll	Microsoft Windows	503808	8/2/2024, 7:20:13 AM
userenv.dll	c:\windows\syswow64\userenv.dll	Microsoft Windows	143360	8/2/2024, 7:20:13 AM
setupapi.dll	c:\windows\syswow64\setupapi.dll	Microsoft Windows	4501504	8/2/2024, 7:20:13 AM
bcrypt.dll	c:\windows\syswow64\bcrypt.dll	Microsoft Windows	102400	8/2/2024, 7:20:13 AM
apphelp.dll	c:\windows\syswow64\apphelp.dll	Microsoft Windows	638976	8/2/2024, 7:20:13 AM
propsys.dll	c:\windows\syswow64\propsys.dll	Microsoft Windows	1564672	8/2/2024, 7:20:13 AM
oleaut32.dll	c:\windows\syswow64\oleaut32.dll	Microsoft Windows	634880	8/2/2024, 7:20:13 AM
dwmapi.dll	c:\windows\syswow64\dwmapi.dll	Microsoft Windows	155648	8/2/2024, 7:20:13 AM
crypt32.dll	c:\windows\syswow64\crypt32.dll	Microsoft Windows	1675264	8/2/2024, 7:20:13 AM
msasn1.dll	c:\windows\syswow64\msasn1.dll	Microsoft Windows	57344	8/2/2024, 7:20:13 AM
oleacc.dll	c:\windows\syswow64\oleacc.dll	Microsoft Windows	344064	8/2/2024, 7:20:13 AM
clbcatq.dll	c:\windows\syswow64\clbcatq.dll	Microsoft Windows	528384	8/2/2024, 7:20:13 AM
ntmarta.dll	c:\windows\syswow64\ntmarta.dll	Microsoft Windows	167936	8/2/2024, 7:20:13 AM
version.dll	c:\windows\syswow64\version.dll	Microsoft Windows	32768	8/2/2024, 7:20:13 AM
shfolder.dll	c:\windows\syswow64\shfolder.dll	Microsoft Windows	24576	8/2/2024, 7:20:13 AM
system.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\system.dll	Image is not signed	28672	8/2/2024, 7:20:14 AM
nsis7z.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\nsis7z.dll	Image is not signed	475136	8/2/2024, 7:20:15 AM
windows.staterepositoryps.dll	c:\windows\syswow64\windows.staterepositoryps.dll	Microsoft Windows	552960	8/2/2024, 7:20:33 AM
wintypes.dll	c:\windows\syswow64\wintypes.dll	Microsoft Windows	897024	8/2/2024, 7:20:33 AM
cldapi.dll	c:\windows\syswow64\cldapi.dll	Microsoft Windows	110592	8/2/2024, 7:20:33 AM
fltlib.dll	c:\windows\syswow64\fltlib.dll	Microsoft Windows	32768	8/2/2024, 7:20:33 AM
ntshrui.dll	c:\windows\syswow64\ntshrui.dll	Microsoft Windows	692224	8/2/2024, 7:20:34 AM
mssprxy.dll	c:\windows\syswow64\mssprxy.dll	Microsoft Windows	77824	8/2/2024, 7:20:36 AM
stdutils.dll	c:\users\ieuser\appdata\local\temp\nsm72db.tmp\stdutils.dll	Image is not signed	118784	8/2/2024, 7:20:36 AM

Showing 1 to 62 of 62 entries

Previous1Next

Rep	Protocol	URL	Action	Dst IP	Dst Port	Src IP	Src Port	Time
No data available in table

Rep	Domain Request	IP	Time
No data available in table

Protocol	Expected App Protocol	Direction	Dst IP	Dst Port	Src IP	Src Port	Bytes Received	Bytes Sent	Time
No data available in table

Src IP	Src Port	Time
No data available in table

Registry Key	Action	Value	Data Old	Data New	Time
No data available in table

Target	Action	Description	Result	Time
No data available in table

Name	Action	Description	Result	Time
\Sessions\1\BaseNamedObjects\ISWWH_BEACON@1e8@EFR-controller	Create	Event	Success	8/2/2024, 7:20:13 AM
HookSwitchHookEnabledEvent	Open	Event	Failed	8/2/2024, 7:20:13 AM
\KernelObjects\MaximumCommitCondition	Open	Event	Success	8/2/2024, 7:20:13 AM
Local\SM0:488:64:WilError_02	Create	Mutex	Success	8/2/2024, 7:20:13 AM
Local\SM0:488:168:WilStaging_02	Create	Mutex	Success	8/2/2024, 7:20:13 AM
Local\SM0:488:64:WilError_02_p0	Create	Semaphore	Success	8/2/2024, 7:20:13 AM
Local\SM0:488:64:WilError_02_p0	Open	Semaphore	Failed	8/2/2024, 7:20:13 AM
Local\SM0:488:168:WilStaging_02_p0	Create	Semaphore	Success	8/2/2024, 7:20:13 AM
Local\SM0:488:168:WilStaging_02_p0	Open	Semaphore	Failed	8/2/2024, 7:20:13 AM
Local\SM0:488:168:WilStaging_02_p0	Open	Semaphore	Success	8/2/2024, 7:20:13 AM
MSFT.VSA.IEC.STATUS.6c736db0	Open	Event	Failed	8/2/2024, 7:20:33 AM
MSFT.VSA.COM.DISABLE.488	Open	Event	Failed	8/2/2024, 7:20:33 AM
Local\SM0:488:64:WilError_02_p0	Open	Semaphore	Success	8/2/2024, 7:20:33 AM
Global\SyncRootManager	Create	Mutex	Success	8/2/2024, 7:20:33 AM
Global\SyncRootManager	Open	Mutex	Failed	8/2/2024, 7:20:33 AM

Target	Action	Description	Time
No data available in table

Target	Type	Details	Time
No data available in table

Target	Type	Details	Time
c:\users\ieuser\desktop\kyrazon setup.exe (PID: 488)	Token	{"Api":"OpenProcessToken","SID":"S-1-5-21-321011808-3761883066-353627080-1000","IntegrityLevel":3}	8/2/2024, 7:20:13 AM
N/A	Unknown	{"Name":"API_CreateWindow","Value":"OleMainThreadWndName"}	8/2/2024, 7:20:13 AM
N/A	Generic	{"Name":"API_NtQueryInformationProcess_DeviceMap"}	8/2/2024, 7:20:13 AM
N/A	DeviceIO	{"ctl":"470807"}	8/2/2024, 7:20:13 AM
N/A	Token	{"Api":"AdjustPrivileges","SID":"","IntegrityLevel":0,"Privileges":["SeSecurityPrivilege"]}	8/2/2024, 7:20:15 AM
N/A	Sid Conversion	{"Name":"","Local":1,"Type":0,"SID":["S-1-5-21-321011808-3761883066-353627080-1000"]}	8/2/2024, 7:20:33 AM
N/A	DeviceIO	{"ctl":"2d1400"}	8/2/2024, 7:20:33 AM
N/A	Unknown	{"Name":"API_CreateWindow","Value":"OLEChannelWnd"}	8/2/2024, 7:20:36 AM

Masquerading: Invalid Code Signature (1 event)

Adversaries may attempt to mimic features of valid code signatures to increase the chance of deceiving a user, analyst, or tool. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. Adversaries can copy the metadata and signature information from a signed program, then use it as a template for an unsigned program. Files with invalid code signatures will fail digital signature validation checks, but they may appear more legitimate to users and security tools may improperly handle these files. Unlike Code Signing, this activity will not result in a valid signature. (T1036.001)

Description	Time
kyrazon setup.exe (PID: 488) has an invalid certificate name of: Image is not signed	8/2/2024, 7:20:10 AM

Archive Collected Data (1 event)

An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender. (T1560)

Description	Time
kyrazon setup.exe (PID: 488) created app-64.7z in c:\users\ieuser\appdata\local\temp\nsm72db.tmp	8/2/2024, 7:20:14 AM

User Execution: Malicious File (1 event)

An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl. [cntrl9][cntrl9][cntrl9]Adversaries may employ various forms of Masquerading on the file to increase the likelihood that a user will open it. [cntrl9][cntrl9][cntrl9]While Malicious File frequently occurs shortly after Initial Access it may occur at other phases of an intrusion, such as when an adversary places a file in a shared directory or on a user's desktop hoping that a user will click on it. This activity may also be seen shortly after Internal Spearphishing. (T1204.002)

Description	Time
kyrazon setup.exe (PID: 488) executed.	8/2/2024, 7:20:10 AM

Unsigned Process (1 event)

There are many legitimate processes that the developers did not sign. However, please note that the vast majority of malware is unsigned.

Description	Time
kyrazon setup.exe (PID: 488) executed.	8/2/2024, 7:20:10 AM

Dropped Executable (10 events)

One or more executable files were created.

Description	Time
kyrazon setup.exe (PID: 488) created koffi.node in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64	8/2/2024, 7:20:23 AM
kyrazon setup.exe (PID: 488) created koffi.node in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32	8/2/2024, 7:20:23 AM
kyrazon setup.exe (PID: 488) created koffi.node in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64	8/2/2024, 7:20:23 AM
kyrazon setup.exe (PID: 488) created kyrazongame-ns.exe.exe in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:30 AM
kyrazon setup.exe (PID: 488) created elevate.exe in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out\resources	8/2/2024, 7:20:32 AM
kyrazon setup.exe (PID: 488) created kyrazongame-ns.exe.exe in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created koffi.node in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\node_modules\koffi\build\koffi\win32_arm64	8/2/2024, 7:20:36 AM
kyrazon setup.exe (PID: 488) created koffi.node in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\node_modules\koffi\build\koffi\win32_ia32	8/2/2024, 7:20:36 AM
kyrazon setup.exe (PID: 488) created koffi.node in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\node_modules\koffi\build\koffi\win32_x64	8/2/2024, 7:20:36 AM
kyrazon setup.exe (PID: 488) created elevate.exe in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq\resources	8/2/2024, 7:20:36 AM

Dropped Dll (15 events)

One or more Dll files were created.

Description	Time
kyrazon setup.exe (PID: 488) created system.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp	8/2/2024, 7:20:13 AM
kyrazon setup.exe (PID: 488) created nsis7z.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp	8/2/2024, 7:20:15 AM
kyrazon setup.exe (PID: 488) created d3dcompiler_47.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:30 AM
kyrazon setup.exe (PID: 488) created ffmpeg.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:30 AM
kyrazon setup.exe (PID: 488) created libegl.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:32 AM
kyrazon setup.exe (PID: 488) created libglesv2.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:32 AM
kyrazon setup.exe (PID: 488) created vk_swiftshader.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:32 AM
kyrazon setup.exe (PID: 488) created vulkan-1.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp\7z-out	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created d3dcompiler_47.dll in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created ffmpeg.dll in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created libegl.dll in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created libglesv2.dll in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created vk_swiftshader.dll in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:33 AM
kyrazon setup.exe (PID: 488) created vulkan-1.dll in c:\users\ieuser\appdata\local\temp\2k4lpey89rbnqfw0cpbjnwkthvq	8/2/2024, 7:20:34 AM
kyrazon setup.exe (PID: 488) created stdutils.dll in c:\users\ieuser\appdata\local\temp\nsm72db.tmp	8/2/2024, 7:20:36 AM

Query Registry (5 events)

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. (T1012)

Description	Time
kyrazon setup.exe (PID: 488) accessed HKU\s-1-5-21-321011808-3761883066-353627080-1000\control panel\desktop\	8/2/2024, 7:20:13 AM
kyrazon setup.exe (PID: 488) accessed HKLM\system\controlset001\control\nls\language\	8/2/2024, 7:20:13 AM
kyrazon setup.exe (PID: 488) accessed HKU\s-1-5-21-321011808-3761883066-353627080-1000\control panel\desktop\muicached\	8/2/2024, 7:20:13 AM
kyrazon setup.exe (PID: 488) accessed HKLM\system\controlset001\control\computername\activecomputername\	8/2/2024, 7:20:15 AM
kyrazon setup.exe (PID: 488) accessed HKLM\software\microsoft\windows\currentversion\appmodelunlock\	8/2/2024, 7:20:33 AM