Expresses interest in specific running processes Show sources
| api_process_name | achsv.exe |
| api_process_name | COM7.EXE |
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Anomalous binary characteristics Show sources
| static_pe_anomaly | Actual checksum does not match that reported in PE header |
Installs itself for autorun at Windows startup Show sources
| registry_write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\COMLOADER |
| data | \\.\D:\Program Files\FoxitReader\bin\COM7.EXE |
| file | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PDF FoxitReader.exe |
| file_write | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PDF FoxitReader.exe |
Creates a hidden or system file Show sources
| file_write | C:\Users\user\AppData\Local\Temp\Rar$EX7.src777\ |
Sniffs keystrokes Show sources
| api_process_name | Process: achsv.exe(2420) |