Analysis Overview
SHA256
452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191
Threat Level: Shows suspicious behavior
The file 452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 21:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 21:14
Reported
2024-10-25 21:16
Platform
win7-20241023-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-WMPENC_31BF3856AD364E35_6.1.7600.16385_NONE_00192601418CADFF\WMPENC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WAB-APP_31BF3856AD364E35_6.1.7601.17514_NONE_A0CF62EFEE3228A3\WABMIG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BCDBOOT-CMDLINETOOL_31BF3856AD364E35_6.1.7601.17514_NONE_BF7BEA0454C3F0CF\BCDBOOT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ICACLS_31BF3856AD364E35_6.1.7600.16385_NONE_8EA990B7BFAB3802\ICACLS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..PLATFORM-INPUT-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_2F3651E7F36D703F\WISPTIS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IEINSTAL_31BF3856AD364E35_11.2.9600.16428_NONE_CAF2EC2CA6B08F27\IEINSTAL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURESTARTUP-CPL_31BF3856AD364E35_6.1.7601.17514_NONE_B5AC5CC3A1B7E9EF\BITLOCKERWIZARD.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_WP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SERVICING\GC64\TZUPD.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMI-SNMP-PROVIDER_31BF3856AD364E35_6.1.7601.17514_NONE_08E183F8DD5F48B7\SMI2SMIR.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TCPIP-UTILITY_31BF3856AD364E35_6.1.7601.17514_NONE_90ECF919657DACF4\NETSTAT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FORFILES_31BF3856AD364E35_6.1.7600.16385_NONE_B1186146F739D0F1\FORFILES.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-G..POLICY-CMDLINETOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_975DF0A6F5A54628\GPUPDATE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..PDATECLIENT-ACTIVEX_31BF3856AD364E35_7.5.7601.17514_NONE_AF500E3C7FC49BC4\WUAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CTTUNESVR_31BF3856AD364E35_6.1.7600.16385_NONE_4BEFC8EB38093BB1\CTTUNESVR.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_WPF-XAMLVIEWER_31BF3856AD364E35_6.1.7601.17514_NONE_B43451F0938C6CD0\XAMLVIEWER_V0300.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..-COREINKRECOGNITION_31BF3856AD364E35_6.1.7600.16385_NONE_498D334C14A3B9BB\HWRREG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\PRESENTATIONFONTCAC#\0246845F487E5F33D3564EFF578665A3\PRESENTATIONFONTCACHE.NI.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..ION-TELEMETRY-AGENT_31BF3856AD364E35_6.1.7601.17514_NONE_3092574C7D41010B\AITAGENT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-I..-SETIEINSTALLEDDATE_31BF3856AD364E35_8.0.7600.16385_NONE_7F263A8951BC5A48\SETIEINSTALLEDDATE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICEPACKCOORDINATOR_31BF3856AD364E35_6.1.7601.17514_NONE_92E727843E307E1B\SPINSTALL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..-ODBC-ADMINISTRATOR_31BF3856AD364E35_6.1.7600.16385_NONE_A044D905576812D4\ODBCAD32.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SETUP-COMPONENT_31BF3856AD364E35_6.1.7601.17514_NONE_905283BDC3E1D2D8\WINDEPLOY.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WFSERVICESREG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-D..IME-EASHARED-IMEPAD_31BF3856AD364E35_6.1.7601.17514_NONE_98B24799B5D08C05\IMEPADSV.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..AGEENGINE-UTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_3580DEA4DEF227D4\ESENTUTL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\PUBS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..-DEPLOYMENT-PACKAGE_31BF3856AD364E35_6.1.7600.16385_NONE_BAC291589D407FDE\TFTP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-APPLAUNCH_EXE_B03F5F7F11D50A3A_6.1.7601.17514_NONE_51E5E402131AFC4A\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EVENTCREATE_31BF3856AD364E35_6.1.7600.16385_NONE_3157C24B5944E2A3\EVENTCREATE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-INSTALLER-EXECUTABLE_31BF3856AD364E35_6.1.7601.17514_NONE_A7A77A3B9CB96CE6\MSIEXEC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SOUNDRECORDER_31BF3856AD364E35_6.1.7601.17514_NONE_FD2F4B124982E400\SOUNDRECORDER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_WCF-ICARDAGT_EXE_31BF3856AD364E35_6.1.7600.16385_NONE_8DCC9C6F8B58A5EB\ICARDAGT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\LOADMXF.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FDDDO_31BF3856AD364E35_6.1.7600.16385_NONE_B0DE2AFE4CA7A1E2\DEVICEDISPLAYOBJECTPROVIDER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FSUTIL_31BF3856AD364E35_6.1.7600.16385_NONE_28590620099DA2D8\FSUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OPTIONALTSPS_31BF3856AD364E35_6.1.7600.16385_NONE_3DF12FEBE293CE5D\TCMSETUP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SETUPCACHE\V4.7.03062\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..UNTERINFRASTRUCTURE_31BF3856AD364E35_6.1.7600.16385_NONE_CD7AEEFF1897D018\LODCTR.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TCPIP-UTILITY_31BF3856AD364E35_6.1.7601.17514_NONE_90ECF919657DACF4\ROUTE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\HH.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..WSUPDATECLIENT-CORE_31BF3856AD364E35_7.5.7601.17514_NONE_1F3413AFC64D10C5\WUAUCLT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SYSTEMRESTORE-MAIN_31BF3856AD364E35_6.1.7601.17514_NONE_A505D556C9DE886A\RSTRUI.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WINRE-RECOVERYTOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_3142C61B8ADA510F\REAGENTC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMI-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_177A088436382A34\UNSECAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\BITLOCKERDISCOVERYVOLUMECONTENTS\BITLOCKERTOGO.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGSQL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RUNAS_31BF3856AD364E35_6.1.7600.16385_NONE_BBDD3AEB771E694E\RUNAS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\MISC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ASPNET_REGSQL_B03F5F7F11D50A3A_6.1.7600.16385_NONE_DCB42EC76404494F\ASPNET_REGSQL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-MCWEBLAUNCHER_31BF3856AD364E35_6.1.7600.16385_NONE_5846A8771B202706\MEDIACENTERWEBLAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURESTARTUP-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_C09AA5B3BEC88BEB\BDEUISRV.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPSHARE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..OMMAND-LINE-UTILITY_31BF3856AD364E35_6.1.7600.16385_NONE_FD9EC705E687F8C2\WMIC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TASKHOST_31BF3856AD364E35_6.1.7601.18010_NONE_86608C5A70F925BC\TASKHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe
"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 21:14
Reported
2024-10-25 21:16
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\TNAMESERV.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXIDENTITYPROVIDER_12.50.6001.0_X64__8WEKYB3D8BBWE\XBOXIDP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\TABTIP32.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH\JAVAWS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\NOTIFICATION_HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.53.77.0_X64__KZF8QXF38ZG5C\SKYPEAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATEBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPSHARE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXSPEECHTOTEXTOVERLAY_1.17.29001.0_X64__8WEKYB3D8BBWE\SPEECHTOTEXTOVERLAY64-RETAIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEINSTAL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\SETUP_WM.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\TNAMESERV.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PROTOCOLHANDLER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-0409-1000-0000000FF1CE}\MISC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\UPDATER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\VSTOINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MAIL\WABMIG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\SHAPECOLLECTOR.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVA.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.BINGWEATHER_4.25.20211.0_X64__8WEKYB3D8BBWE\MICROSOFT.MSN.WEATHER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARMHELPER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\CHRMSTP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PDFREFLOW.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAW.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JRUNSCRIPT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\ORBD.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.549981C3F5F10_1.1911.21713.0_X64__8WEKYB3D8BBWE\WIN32BRIDGE.SERVER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\INSTALLER\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\MAVINJECT32.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\INTERNET EXPLORER\IELOWUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\INTEGRATION\ADDONS\ONEDRIVESETUP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SDXHELPERBGT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.HEIFIMAGEEXTENSION_1.0.22742.0_X64__8WEKYB3D8BBWE\CODECPACKS.HEIF.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACRORD32INFO.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\DOTNET\DOTNET.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SERVERTOOL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATECORE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\MSEDGE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.DBCONNECTION.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OUTICON.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFT3DVIEWER_6.1908.2042.0_X64__8WEKYB3D8BBWE\3DVIEWER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCAMERA_2018.826.98.0_X64__8WEKYB3D8BBWE\WINDOWSCAMERA.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_16005.11629.20316.0_X64__8WEKYB3D8BBWE\HXACCOUNTS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\EXTCHECK.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JARSIGNER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOX.TCUI_1.23.28002.0_X64__8WEKYB3D8BBWE\TCUI-APP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.GETSTARTED_8.2.22942.0_X64__8WEKYB3D8BBWE\WHATSNEW.STORE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\UNPACK200.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\VPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.OFFICE.ONENOTE_16001.12026.20112.0_X64__8WEKYB3D8BBWE\ONENOTESHARE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.STOREPURCHASEAPP_11811.1001.18.0_X64__8WEKYB3D8BBWE\STOREEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ARH.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOEV.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSTAT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.PEOPLEEXPERIENCEHOST_CW5N1H2TXYEWY\PEOPLEEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\DFSVC\2.0.0.0__B03F5F7F11D50A3A\DFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.XBOXGAMECALLABLEUI_CW5N1H2TXYEWY\XBOX.TCUI.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_WP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\LDR64.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\NETFXSBS10.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\READER_SL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_WP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WFSERVICESREG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_REGIIS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\PARENTALCONTROLS_CW5N1H2TXYEWY\WPCUAPAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\WSATCONFIG\3.0.0.0__B03F5F7F11D50A3A\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ASSIGNEDACCESSLOCKAPP_CW5N1H2TXYEWY\ASSIGNEDACCESSLOCKAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ADOBECOLLABSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SPLWOW64.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\IEEXEC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\BITLOCKERDISCOVERYVOLUMECONTENTS\BITLOCKERTOGO.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.CALLINGSHELLAPP_CW5N1H2TXYEWY\CALLINGSHELLAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFTWINDOWS.UNDOCKEDDEVKIT_CW5N1H2TXYEWY\UNDOCKEDDEVKIT.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EULA.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LOCKAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\BOOT\PCAT\MEMTEST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\JSC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\JSC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPRESOLVERUX_CW5N1H2TXYEWY\APPRESOLVERUX.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_32\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_64\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\SMSVCHOST\V4.0_4.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG_CW5N1H2TXYEWY\ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.FILEPICKER_CW5N1H2TXYEWY\FILEPICKER.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\NGEN.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSMON.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.ECAPP_8WEKYB3D8BBWE\MICROSOFT.ECAPP.EXE | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe
"C:\Users\Admin\AppData\Local\Temp\452733dc7e7cc2f2807f0b10cb6194899dc56fe0ed56140bf1bf53244c23b191.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |