Analysis Overview
SHA256
5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15
Threat Level: Shows suspicious behavior
The file 5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 04:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 04:09
Reported
2024-10-26 04:11
Platform
win7-20240903-en
Max time kernel
15s
Max time network
17s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONVERT_31BF3856AD364E35_6.1.7601.17514_NONE_FAFB502ABEF1BE40\AUTOCONV.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TASKLIST_31BF3856AD364E35_6.1.7600.16385_NONE_843823D87402AB36\TASKLIST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-VSSADMIN_31BF3856AD364E35_6.1.7600.16385_NONE_207247174B54AF00\VSSADMIN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WRP-INTEGRITY-CLIENT_31BF3856AD364E35_6.1.7600.16385_NONE_8733BEE404F7386C\SFC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-AUTHENTICATION-LOGONUI_31BF3856AD364E35_6.1.7601.17514_NONE_C3B917FD89D834F3\LOGONUI.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TCPIP-UTILITY_31BF3856AD364E35_6.1.7601.17514_NONE_90ECF919657DACF4\FINGER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-APPLAUNCH_EXE_B03F5F7F11D50A3A_6.1.7601.17514_NONE_51E5E402131AFC4A\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\WSATCONFIG\3.0.0.0__B03F5F7F11D50A3A\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COM-SURROGATE_31BF3856AD364E35_6.1.7600.16385_NONE_A018E05D0D33081D\DLLHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TCPIP_31BF3856AD364E35_6.1.7601.17514_NONE_BFAB9B4BA5F934F9\NETIOUGC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\EHPRIVJOB.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\IEEXEC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TZUTIL_31BF3856AD364E35_6.1.7601.17514_NONE_9269DA4819C69A89\TZUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ONWIZARDAPPLICATION_31BF3856AD364E35_6.1.7601.17514_NONE_18A11C58AAF4D08C\MIGWIZ.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PING-UTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_052696AEA98BCEFC\PING.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_BRMFCWIA.INF_31BF3856AD364E35_6.1.7600.16385_NONE_11493A3982B640B7\BRMFRSMG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-EHPRIVJOB_31BF3856AD364E35_6.1.7601.17514_NONE_53393627486AE37B\EHPRIVJOB.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..MES-SPIDERSOLITAIRE_31BF3856AD364E35_6.1.7600.16385_NONE_DEAD260D8F002B73\SPIDERSOLITAIRE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_WCF-M_SM_CFG_INS_EXE_31BF3856AD364E35_6.1.7601.17514_NONE_5E47617F33C574AC\SMCONFIGINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSPAINT_31BF3856AD364E35_6.1.7600.16385_NONE_EA12784C0842BFC1\MSPAINT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REGISTRY-EDITOR_31BF3856AD364E35_6.1.7600.16385_NONE_5023A70BF589AD3E\REGEDIT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COMMANDLINEHELP_31BF3856AD364E35_6.1.7600.16385_NONE_3020274B22E8A90F\HELP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ERRORREPORTINGFAULTS_31BF3856AD364E35_6.1.7601.17514_NONE_CE2D22115368DB7A\WERFAULTSECURE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-GC-REGISTERIEPKEYS_31BF3856AD364E35_11.2.9600.16428_NONE_0A3FE92B38DD8C45\REGISTERIEPKEYS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\CHGLOGON.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-MSCORSVW_EXE_B03F5F7F11D50A3A_6.1.7600.16385_NONE_ACD03D9B9048BD78\MSCORSVW.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-G..POLICY-CMDLINETOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_975DF0A6F5A54628\GPUPDATE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-N..PROTECTION-STATUSUI_31BF3856AD364E35_6.1.7600.16385_NONE_998FF5C741AE3FB1\NAPSTAT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PCWDIAGNOSTIC_31BF3856AD364E35_6.1.7600.16385_NONE_5120BF8B19591AFA\PCWRUN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\COMSVCCONFIG\3.0.0.0__B03F5F7F11D50A3A\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SNMP-TRAP-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_2B7FF0845918E12F\SNMPTRAP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IEXPRESS_31BF3856AD364E35_11.2.9600.16428_NONE_46D2EFEF53C02386\WEXTRACT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..OXGAMES-PURBLEPLACE_31BF3856AD364E35_6.1.7600.16385_NONE_622070221822EB39\PURBLEPLACE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\RESET.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGIIS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DNS-CLIENT_31BF3856AD364E35_6.1.7601.17514_NONE_4008824C98F8EDAC\DNSCACHEUGC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FILTERMANAGER-UTILS_31BF3856AD364E35_6.1.7600.16385_NONE_7582A4A93F08B488\FLTMC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\MCRMGR.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSINFO32-EXE_31BF3856AD364E35_6.1.7601.17514_NONE_0A026C46104DD379\MSINFO32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..-DOWNLEVEL.BINARIES_31BF3856AD364E35_6.3.9600.16428_NONE_5FAF8886FF3D65D0\MSSPELLCHECKINGFACILITY.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-GETTINGSTARTED_31BF3856AD364E35_6.1.7600.16385_NONE_DC7256ED0DED6C12\GETTINGSTARTED.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_32\EHEXTHOST32\6.1.0.0__31BF3856AD364E35\EHEXTHOST32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPLAYER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RPC-LOCATOR_31BF3856AD364E35_6.1.7600.16385_NONE_2B2984D40648FBE7\LOCATOR.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.7601.17514_NONE_D18028273214FA77\SEARCHINDEXER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-AUTOPLAY_31BF3856AD364E35_6.1.7601.17514_NONE_7920B60D569A4A1E\WMLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..SOR-NATIVE-WHITEBOX_31BF3856AD364E35_6.1.7601.17514_NONE_FF1B74D24817A82B\RMACTIVATE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NETPLWIZ-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_494BA66D2A12EFC3\NETPLWIZ.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\QAPPSRV.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMPDMC-UX_31BF3856AD364E35_6.1.7601.17514_NONE_4C8976380E00631F\WMPDMC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_D911DF4E81059B22\REPLACE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IPCONFIG_31BF3856AD364E35_6.1.7600.16385_NONE_A82EE2A7319FA8F8\IPCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe
"C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"
Network
Files
memory/2584-0-0x0000000000400000-0x000000000041A000-memory.dmp
memory/2584-3-0x0000000000400000-0x000000000041A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 04:09
Reported
2024-10-26 04:11
Platform
win10v2004-20241007-en
Max time kernel
101s
Max time network
102s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATECORE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\CHRMSTP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JMAP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PUBS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_14.53.77.0_X64__KZF8QXF38ZG5C\SKYPEAPP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\NOTIFICATION_HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\KTAB.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOSREC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MIXEDREALITY.PORTAL_2000.19081.1301.0_X64__8WEKYB3D8BBWE\MIXEDREALITYPORTAL.BROKERED.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\PINGSENDER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\BHO\IE_TO_EDGE_STUB.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVAWS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PDFREFLOW.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.DBCONNECTION.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JAUREG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSFEEDBACKHUB_1.1907.3152.0_X64__8WEKYB3D8BBWE\PILOTSHUBAPP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPSHARE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\UNPACK200.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JP2LAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\SSVAGENT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOHTMED.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ONENOTE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\INTERNET EXPLORER\EXTEXPORT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATEBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATESETUP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVA-RMI.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\POWERPNT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\WORDICON.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\UNINSTALL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\INTEGRATEDOFFICE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.DESKTOPAPPINSTALLER_1.0.30251.0_X64__8WEKYB3D8BBWE\APPINSTALLERPYTHONREDIRECTOR.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATEONDEMAND.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\APPVCLEANER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSTATD.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTOFFICEHUB_18.1903.1152.0_X64__8WEKYB3D8BBWE\LOCALBRIDGE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WEBPIMAGEEXTENSION_1.0.22753.0_X64__8WEKYB3D8BBWE\CODECPACKS.WEBP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\COOKIE_EXPORTER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROTEXTEXTRACTOR.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER64.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JRUNSCRIPT.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MSPAINT_6.1907.29027.0_X64__8WEKYB3D8BBWE\PAINTSTUDIO.VIEW.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WALLET_2.4.18324.0_X64__8WEKYB3D8BBWE\MICROSOFT.WALLET.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.ZUNEMUSIC_10.19071.19011.0_X64__8WEKYB3D8BBWE\MUSIC.UI.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSADEBUGD.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\NATIVE2ASCII.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ONENOTEM.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\CRASHREPORTER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\SETUP_WM.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\SCHEMAGEN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\ELEVATION_SERVICE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\MSEDGE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\MSEDGE_PWA_LAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS PHOTO VIEWER\IMAGINGDEVICES.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAR.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JABSWITCH.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\NGEN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\WINDOWS.CBSPREVIEW_CW5N1H2TXYEWY\CAMERABARCODESCANNERPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\NGEN.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGASM.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_DATASVCUTIL_B77A5C561934E089_4.0.15805.0_NONE_5B1ADA239E3B0505\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\WSATCONFIG\V4.0_4.0.0.0__B03F5F7F11D50A3A\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.XGPUEJECTDIALOG_CW5N1H2TXYEWY\XGPUEJECTDIALOG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\IEEXEC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGIIS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CASPOL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\NGENTASK.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_HYPERV-COMPUTE-CONT..UTIONSERVICE-SHARED_31BF3856AD364E35_10.0.19041.1_NONE_0BC0F3D4CD7DC8FD\CEXECSVC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\LDR64.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_HYPERV-COMMANDLINE-TOOL_31BF3856AD364E35_10.0.19041.928_NONE_0B17415AE0DD0379\R\HVC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ADDINPROCESS_B77A5C561934E089_4.0.15805.0_NONE_74BABA51266F3010\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\COMSVCCONFIG\3.0.0.0__B03F5F7F11D50A3A\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\IMMERSIVECONTROLPANEL\SYSTEMSETTINGS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPRESOLVERUX_CW5N1H2TXYEWY\APPRESOLVERUX.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINHLP32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGASM.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.LOCKAPP_CW5N1H2TXYEWY\LOCKAPP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ASSIGNEDACCESSLOCKAPP_CW5N1H2TXYEWY\ASSIGNEDACCESSLOCKAPP.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MSCORSVW.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.STARTMENUEXPERIENCEHOST_CW5N1H2TXYEWY\STARTMENUEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_HYPERV-COMMANDLINE-TOOL_31BF3856AD364E35_10.0.19041.928_NONE_0B17415AE0DD0379\F\HVC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACRORD32INFO.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\NETFXSBS10.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.FILEEXPLORER_CW5N1H2TXYEWY\FILEEXPLORER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\DFSVC\V4.0_4.0.0.0__B03F5F7F11D50A3A\DFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_REGIIS.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\PRINTDIALOG\PRINTDIALOG.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.CREDDIALOGHOST_CW5N1H2TXYEWY\CREDDIALOGHOST.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.CAPTUREPICKER_CW5N1H2TXYEWY\CAPTUREPICKER.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
| File opened for modification | C:\WINDOWS\SPLWOW64.EXE | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe
"C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/624-0-0x0000000000400000-0x000000000041A000-memory.dmp
memory/624-2-0x0000000000400000-0x000000000041A000-memory.dmp