Analysis Overview
SHA256
424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7
Threat Level: Shows suspicious behavior
The file 424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7 was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 22:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 22:02
Reported
2024-11-08 22:04
Platform
win7-20240903-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WFSERVICESREG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-GC-REGISTERIEPKEYS_31BF3856AD364E35_8.0.7601.17514_NONE_A0C922C3B170DD5D\REGISTERIEPKEYS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-INFDEFAULTINSTALL_31BF3856AD364E35_6.1.7600.16385_NONE_C8897566B5C070A0\INFDEFAULTINSTALL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CVTRES.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..TING-TOOLS-PRINTBRM_31BF3856AD364E35_6.1.7601.17514_NONE_DFE02DE35BF41E0B\PRINTBRMUI.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WAB-APP_31BF3856AD364E35_6.1.7601.17514_NONE_A0CF62EFEE3228A3\WABMIG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_SUBSYSTEM-FOR-UNIX-BASED-APPLICATIONS_31BF3856AD364E35_6.1.7601.17514_NONE_D20E5D35068F261A\PSXSS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MSBUILD\AF28543D9B3E7D9F110448ECCE53CD72\MSBUILD.NI.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_6.1.7601.17514_NONE_42D65ED50FA3C682\CHGUSR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TIMEOUT_31BF3856AD364E35_6.1.7600.16385_NONE_E8595E67DFF5B7F4\TIMEOUT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SERVICING\GC64\TZUPD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CHOICE_31BF3856AD364E35_6.1.7601.17514_NONE_218CF07BA262766C\CHOICE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-SETUP-SUPPORT_31BF3856AD364E35_8.0.7601.17514_NONE_3EB101CAEC1ACC2C\IE4UINIT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ONWIZARDAPPLICATION_31BF3856AD364E35_6.1.7601.17514_NONE_18A11C58AAF4D08C\MIGSETUP.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..TING-LPRPORTMONITOR_31BF3856AD364E35_6.1.7601.17514_NONE_1229A6F0546E2346\LPR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856AD364E35_6.1.7601.17514_NONE_678566B7DDEA04A5\POQEXEC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..CATIONNOTIFICATIONS_31BF3856AD364E35_6.1.7600.16385_NONE_737951AB23CF8EA0\LOCATIONNOTIFICATIONS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NFS-CLIENTCORE_31BF3856AD364E35_6.1.7601.17514_NONE_0B0882245933A065\NFSCLNT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..PLAYER-SHELLPREVIEW_31BF3856AD364E35_6.1.7600.16385_NONE_1C92C4D88CE86757\WMPRPH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_INFOCARD_B77A5C561934E089_6.1.7601.17514_NONE_583A8C60C0B305A1\INFOCARD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IEETWCOLLECTOR_31BF3856AD364E35_11.2.9600.16428_NONE_A56DA9E617D4F97E\IEETWCOLLECTOR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ISCSI_INITIATOR_UI_31BF3856AD364E35_6.1.7600.16385_NONE_33E01C5875C2E5CB\ISCSICPL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..G-XPSDOCUMENTWRITER_31BF3856AD364E35_6.1.7601.17514_NONE_80FEA45979A5D3F2\MXDWGC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SCRIPTING_31BF3856AD364E35_6.1.7600.16385_NONE_A45D44BD1A0AF822\WSCRIPT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DEPLOYMENT_31BF3856AD364E35_6.1.7600.16385_NONE_57E3E87206FF08CA\SETUPUGC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-F..TEMCOMPAREUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_5CBB962A4F0D58C1\FC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TABLETPC-CONTROLPANEL_31BF3856AD364E35_6.1.7601.17514_NONE_3D9977977190CDC4\MULTIDIGIMON.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_NETFX-CLRGC_B03F5F7F11D50A3A_6.1.7601.17514_NONE_AD7A390FA131C970\CLRGC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\EHSCHED.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FORFILES_31BF3856AD364E35_6.1.7600.16385_NONE_B1186146F739D0F1\FORFILES.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..OPERTIESPERFORMANCE_31BF3856AD364E35_6.1.7600.16385_NONE_B6CB9ED71C8B43D5\SYSTEMPROPERTIESPERFORMANCE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONSOLEHOST_31BF3856AD364E35_6.1.7601.17932_NONE_D26A33EC18CB49C4\CONHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RUNONCE_31BF3856AD364E35_6.1.7601.17514_NONE_73E0DA0BD5A77C41\RUNONCE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_6.1.7601.17514_NONE_BF4980401574A899\TRACERPT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..UNTERINFRASTRUCTURE_31BF3856AD364E35_6.1.7600.16385_NONE_CD7AEEFF1897D018\LODCTR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TELNET-SERVER_31BF3856AD364E35_6.1.7600.16385_NONE_EEFCCE9868C6D4B7\TLNTADMN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-D..X-DIRECTXDIAGNOSTIC_31BF3856AD364E35_6.1.7601.17514_NONE_81E99DA174638311\DXDIAG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURITY-SYSKEY_31BF3856AD364E35_6.1.7600.16385_NONE_74578A893F33207C\SYSKEY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_WCF-SMSVCHOST_B03F5F7F11D50A3A_6.1.7600.16385_NONE_C7F13AF70AC77B22\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-DEVICES-MCX2PROV_31BF3856AD364E35_6.1.7600.16385_NONE_3482237B32C1DAFF\MCX2PROV.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-INTERNETEXPLORER_31BF3856AD364E35_11.2.9600.16428_NONE_11B913172F0CB26F\IEUNATT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_D911DF4E81059B22\DOSKEY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_64\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-MANAGEMENTCONSOLE_31BF3856AD364E35_6.1.7600.16385_NONE_E3C88F07D4C88269\INETMGR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MAIL-APP_31BF3856AD364E35_6.1.7601.17514_NONE_4F7E32F76654BD3C\WINMAIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WPD-SHELLEXTENSION_31BF3856AD364E35_6.1.7601.17514_NONE_6F4EF219DD693CA6\WPDSHEXTAUTOPLAY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\SMSVCHOST\3.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CASPOL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..BOXGAMES-BACKGAMMON_31BF3856AD364E35_6.1.7600.16385_NONE_668D031845881638\BCKGZM.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DIRECTSHOW-DVDPLAY_31BF3856AD364E35_6.1.7600.16385_NONE_5DA314D233BB2676\DVDPLAY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SHAREDACCESS_31BF3856AD364E35_6.1.7600.16385_NONE_60C2504D62FD4F0E\ICSUNATTEND.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-B..VIRONMENT-OS-LOADER_31BF3856AD364E35_6.1.7601.17514_NONE_B94CBFA183466A89\WINLOAD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe
"C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-08 22:02
Reported
2024-11-08 22:04
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
138s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXGAMINGOVERLAY_2.34.28001.0_X64__8WEKYB3D8BBWE\GAMEBAR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ARH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\PWAHELPER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMID.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVACPL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\COMMON.SHOWHELP.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE16\OSPPREARM.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OSMCLIENTICON.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\VIDEOLAN\VLC\VLC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\MICROSOFTEDGEUPDATE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JP2LAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\OFFICE16\MSOICONS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PJ11ICON.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWS.PHOTOS_2019.19071.12548.0_X64__8WEKYB3D8BBWE\MICROSOFT.PHOTOS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\POLICYTOOL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\GRV_ICONS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.STOREPURCHASEAPP_11811.1001.18.0_X64__8WEKYB3D8BBWE\STOREEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\MIP.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.YOURPHONE_0.19051.7.0_X64__8WEKYB3D8BBWE\YOURPHONE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MAIL\WAB.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCONSOLE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\JOTICON.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\CRASHREPORTER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.OFFICE.ONENOTE_16001.12026.20112.0_X64__8WEKYB3D8BBWE\ONENOTESHARE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPRPH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\READER_SL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ORACLE\JAVA\JAVAPATH\JAVA.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCMD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SETLANG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\FILECOMPARE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\BHO\IE_TO_EDGE_STUB.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\IDENTITY_HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\INTERNET EXPLORER\IEINSTAL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAPACKAGER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JJS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGECOMREGISTERSHELLARM64.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX86\MICROSOFT OFFICE\OFFICE16\DCF\SPREADSHEETCOMPARE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFT3DVIEWER_6.1908.2042.0_X64__8WEKYB3D8BBWE\3DVIEWER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_4.4.8204.0_X64__8WEKYB3D8BBWE\SOLITAIRE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MSPAINT_6.1907.29027.0_X64__8WEKYB3D8BBWE\PAINTSTUDIO.VIEW.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\SSVAGENT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\GRAPH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.NETFX45.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSMAPS_5.1906.1972.0_X64__8WEKYB3D8BBWE\MAPS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATECORE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE16\LICLUA.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAFXPACKAGER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JHAT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG_CW5N1H2TXYEWY\ADDSUGGESTEDFOLDERSTOLIBRARYDIALOG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ADDINPROCESS_B77A5C561934E089_4.0.15805.0_NONE_74BABA51266F3010\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\JSC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_HYPERV-COMPUTE-GUESTCOMPUTESERVICE_31BF3856AD364E35_10.0.19041.1202_NONE_024525BDC81DF50D\VMCOMPUTEAGENT.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACRORD32.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_32\MSBUILD\V4.0_4.0.0.0__B03F5F7F11D50A3A\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.ASYNCTEXTSERVICE_8WEKYB3D8BBWE\MICROSOFT.ASYNCTEXTSERVICE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_EDMGEN_B77A5C561934E089_4.0.15805.0_NONE_AE80A3049486A75F\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\DFSVC\2.0.0.0__B03F5F7F11D50A3A\DFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CASPOL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ASPNET_REGBROWSERS_B03F5F7F11D50A3A_10.0.19041.1_NONE_82A36C559596820A\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_HYPERV-COMMANDLINE-TOOL_31BF3856AD364E35_10.0.19041.928_NONE_0B17415AE0DD0379\F\HVC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_WP.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSMON.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\DFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\WINDOWS.CBSPREVIEW_CW5N1H2TXYEWY\CAMERABARCODESCANNERPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS32.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\JSC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.AAD.BROKERPLUGIN_CW5N1H2TXYEWY\MICROSOFT.AAD.BROKERPLUGIN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ASPNET_COMPILER_B03F5F7F11D50A3A_10.0.19041.1_NONE_9202844CD514AB44\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_BSDTAR_31BF3856AD364E35_10.0.19041.1_NONE_0C1F19C50B5E5F6E\TAR.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\RDRSERVICESUPDATER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_REGSQL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WFSERVICESREG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\INPUTAPP\TEXTINPUTHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\SMSVCHOST\3.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\NCSIUWPAPP_8WEKYB3D8BBWE\NCSIUWPAPP.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_INSTALLUTIL_B03F5F7F11D50A3A_4.0.15805.0_NONE_D67D06EF0C4A2E1C\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
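The two "Drops file" tables above record the same event class over and over: the sample opens existing executables under Program Files and the Windows directory for modification, every target is an .EXE, and every row names the same acting process. The following triage helper is an added example, not part of the report or of any sandbox's own signature logic. It parses rows in the report's own pipe-delimited layout (a subset of the rows above is embedded verbatim, with the registry row from the language-discovery table included as a negative case), tallies write-opens by protected root, and applies a mass-executable-tamper heuristic whose thresholds are this example's own assumptions.

```python
"""Triage helper for 'File opened for modification' rows of a sandbox report.

Added example, not part of the report: parses rows in the report's table
layout, tallies write-opens of executables by root directory, and applies a
mass-executable-tamper heuristic that is this example's own assumption.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Rows copied from the report tables above (a subset), plus the registry row
# from the language-discovery table as a negative case.
REPORT_ROWS = r"""
| Description | Indicator | Process | Target |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\GRAPH.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATECORE.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSMON.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGEN.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_INSTALLUTIL_B03F5F7F11D50A3A_4.0.15805.0_NONE_D67D06EF0C4A2E1C\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
"""

# Longest prefix first so "C:\PROGRAM FILES (X86)" is not swallowed by "C:\PROGRAM FILES".
ROOTS = (r"C:\PROGRAM FILES (X86)", r"C:\PROGRAM FILES", r"C:\WINDOWS")
COLUMNS = ("description", "indicator", "process", "target")


def parse_rows(text):
    """Parse pipe-delimited signature rows; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(COLUMNS) or cells[0] == "Description":
            continue
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def classify_root(path):
    """Map an indicator path to the protected root it lives under, or 'other'."""
    upper = path.upper()
    for root in ROOTS:
        if upper.startswith(root + "\\"):
            return root
    return "other"


def summarize_write_opens(rows):
    """Tally write-opens of executables by root and by acting process."""
    writes = [r for r in rows if r["description"] == "File opened for modification"]
    exe_targets = [r for r in writes
                   if PureWindowsPath(r["indicator"]).suffix.upper() == ".EXE"]
    return {
        "write_opens": len(writes),
        "exe_targets": len(exe_targets),
        "by_root": dict(Counter(classify_root(r["indicator"]) for r in writes)),
        "processes": sorted({r["process"] for r in writes}),
    }


def looks_like_mass_exe_tamper(summary, min_exe=5, min_roots=2):
    """Heuristic (this example's assumption, not a sandbox signature):
    every write-open targets an .EXE, at least min_exe of them, spread over
    at least min_roots protected roots, all from a single acting process."""
    return (
        summary["exe_targets"] >= min_exe
        and summary["exe_targets"] == summary["write_opens"]
        and len(summary["by_root"]) >= min_roots
        and len(summary["processes"]) == 1
    )


if __name__ == "__main__":
    summary = summarize_write_opens(parse_rows(REPORT_ROWS))
    print(summary)
    print("mass executable tamper:", looks_like_mass_exe_tamper(summary))
```

Two caveats when reading the verdict: "File opened for modification" records the access a handle was requested with, not that bytes were actually written, so the heuristic scores intent to modify rather than confirmed infection; and the thresholds are illustrative, so a legitimate installer or patcher that touches several executables under one root can still trip them if they are set too low.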
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe
"C:\Users\Admin\AppData\Local\Temp\424cce0ed667aff2ade14ed386884188c4f14fecaf5b810d313407dbcb0953b7.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
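Every Domain in the Network table is an in-addr.arpa name, i.e. a PTR (reverse-DNS) query sent to 8.8.8.8:53, and the octets are stored in reverse order. The following script is an added example, not part of the report: it embeds the rows above verbatim, decodes each PTR name back to the IPv4 address being looked up, and separates reverse from forward lookups so the addresses can be attributed separately. The report does not say which process issued these queries, so the decoded addresses are leads to check, not confirmed contacts made by the sample.

```python
"""Decode the PTR (reverse-DNS) queries in a sandbox report's Network table.

Added example, not part of the report: each Domain of the form
d.c.b.a.in-addr.arpa is turned back into the IPv4 address a.b.c.d.
"""
import ipaddress
import re
from collections import Counter

# Rows copied from the Network table above.
NETWORK_ROWS = r"""
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
"""

COLUMNS = ("country", "destination", "domain", "proto")
# Four dotted octets followed by the reverse-DNS suffix, optional trailing dot.
PTR_RE = re.compile(r"((?:\d{1,3}\.){4})in-addr\.arpa\.?", re.IGNORECASE)


def parse_network_rows(text):
    """Parse pipe-delimited network rows; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(COLUMNS) or cells[0] == "Country":
            continue
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def ptr_to_ip(name):
    """Return the IPv4 address a PTR name asks about, or None for any other name."""
    m = PTR_RE.fullmatch(name.strip())
    if not m:
        return None
    octets = m.group(1).rstrip(".").split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None


def summarize_dns(rows):
    """Split rows into reverse and forward lookups and flag non-global targets."""
    reverse, forward = [], []
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if ip is None:
            forward.append(r["domain"])
        else:
            reverse.append(ip)
    return {
        "resolvers": dict(Counter(r["destination"] for r in rows)),
        "reverse_lookups": reverse,
        "forward_lookups": forward,
        "non_global": [ip for ip in reverse if not ipaddress.IPv4Address(ip).is_global],
    }


if __name__ == "__main__":
    summary = summarize_dns(parse_network_rows(NETWORK_ROWS))
    for ip in summary["reverse_lookups"]:
        print("PTR lookup for", ip)
    print("forward lookups:", summary["forward_lookups"] or "none")
```

What the output establishes is narrow: eleven PTR queries, one resolver, no forward lookups and no non-DNS traffic in this table. Whether the sample or the guest OS asked for those reverse records, and who the decoded addresses belong to, has to come from other evidence (process-attributed network capture, or a lookup against an IP ownership source) that this report does not contain.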