Analysis Overview
SHA256
58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea
Threat Level: Shows suspicious behavior
The file 58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 23:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 23:02
Reported
2024-11-08 23:05
Platform
win7-20241023-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ASPNET_REGBROWSERS_B03F5F7F11D50A3A_6.1.7600.16385_NONE_96421D40C0E2903E\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ANYTIME-UPGRADE_31BF3856AD364E35_6.1.7600.16385_NONE_FB591B6CF023ADE3\WINDOWSANYTIMEUPGRADE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-APPID_31BF3856AD364E35_6.1.7601.17514_NONE_B57215BAC8C6D647\APPIDCERTSTORECHECK.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-DEVICES-MCXTASK_31BF3856AD364E35_6.1.7600.16385_NONE_B6BC1AAE9D0693C5\MCXTASK.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ODEUPDATE-SERVICING_31BF3856AD364E35_6.1.7600.16385_NONE_FF7CF696BFB54620\UCSVC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSAUDITEVTLOG_31BF3856AD364E35_6.1.7600.16385_NONE_23376BF5921E7B63\AUDITPOL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..LINE-USER-INTERFACE_31BF3856AD364E35_6.1.7600.16385_NONE_38DC646BF68909F4\CMDKEY.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_6.1.7601.17514_NONE_BF4980401574A899\TRACERPT.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ALG_31BF3856AD364E35_6.1.7600.16385_NONE_04DE43C774CF8FE3\ALG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BTH-USER_31BF3856AD364E35_6.1.7601.17514_NONE_C33F455AEBCD9DBB\BTHUDTASK.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EVENTCREATE_31BF3856AD364E35_6.1.7600.16385_NONE_3157C24B5944E2A3\EVENTCREATE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_6.1.7601.17514_NONE_7F7F66788318015D\LPREMOVE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NFS-CLIENTCMDTOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_AD5854CA0A23343D\UMOUNT.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PNPHOTPLUGUI_31BF3856AD364E35_6.1.7600.16385_NONE_44D62330646F757A\DEVICEEJECT.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COM-SURROGATE_31BF3856AD364E35_6.1.7600.16385_NONE_A018E05D0D33081D\DLLHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..ONWIZARDAPPLICATION_31BF3856AD364E35_6.1.7601.17514_NONE_18A11C58AAF4D08C\MIGWIZ.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OPTIONALTSPS_31BF3856AD364E35_6.1.7600.16385_NONE_3DF12FEBE293CE5D\TCMSETUP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\PUBS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONSOLEHOST_31BF3856AD364E35_6.1.7601.22091_NONE_D2B1C721321AADF8\CONHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DISPDIAG_31BF3856AD364E35_6.1.7600.16385_NONE_A0D95AFC49C833B6\DISPDIAG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ERRORREPORTINGFAULTS_31BF3856AD364E35_6.1.7601.17514_NONE_CE2D22115368DB7A\WERFAULTSECURE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NET1-COMMAND-LINE-TOOL_31BF3856AD364E35_6.1.7601.17514_NONE_E501F8E06B32B48F\NET1.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-FEEDSBS_31BF3856AD364E35_11.2.9600.16428_NONE_DEA50217EFD0356B\MSFEEDSSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..RASTRUCTURECONSUMER_31BF3856AD364E35_6.1.7601.17514_NONE_1202940E4711971E\PLASRV.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REMOTEASSISTANCE-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_934D08D31B96D4EE\MSRA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\OISICON.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_INFOCARD_B77A5C561934E089_6.1.7601.17514_NONE_583A8C60C0B305A1\INFOCARD.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-I..ETEXPLORER-OPTIONAL_31BF3856AD364E35_8.0.7601.17514_NONE_1196A9003B674A92\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NOTEPADWIN_31BF3856AD364E35_6.1.7600.16385_NONE_9EBEBE8614BE1470\NOTEPAD.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ROBOCOPY_31BF3856AD364E35_6.1.7601.17514_NONE_252D34F00303C6FA\ROBOCOPY.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-F..CLIENT-APPLICATIONS_31BF3856AD364E35_6.1.7601.17514_NONE_D71FB1D63F05EF22\WFS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-FEEDSBS_31BF3856AD364E35_8.0.7601.17514_NONE_752E3BB068638683\MSFEEDSSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..TING-TOOLS-PRINTBRM_31BF3856AD364E35_6.1.7601.17514_NONE_DFE02DE35BF41E0B\PRINTBRMUI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-REGISTRY-EDITOR_31BF3856AD364E35_6.1.7600.16385_NONE_5023A70BF589AD3E\REGEDT32.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..EXECUTIONPREVENTION_31BF3856AD364E35_6.1.7600.16385_NONE_25D85B4A3E4A7709\SYSTEMPROPERTIESDATAEXECUTIONPREVENTION.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V4.0.30319_32\COMSVCCONFIG\2BD538D545E15452202EF3B41080E2CE\COMSVCCONFIG.NI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-HELP-CLIENT_31BF3856AD364E35_6.1.7600.16385_NONE_C80D81C947C7B794\HELPPANE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RECOVER_31BF3856AD364E35_6.1.7600.16385_NONE_E2083F75CE4C0619\RECOVER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\MCXTASK.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\WTVCONVERTER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSCORSVW.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_WP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DIANTZ_31BF3856AD364E35_6.1.7600.16385_NONE_02BB0612DC529329\DIANTZ.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..AC-SQL-CLICONFG-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_CC12387F7062EB3B\CLICONFG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..ATIBILITY-ASSISTANT_31BF3856AD364E35_6.1.7600.16385_NONE_8FBB77BB3CD808D1\PCALUA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..ION-TELEMETRY-AGENT_31BF3856AD364E35_6.1.7601.17514_NONE_3092574C7D41010B\AITAGENT.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-RASCONNECTIONMANAGER_31BF3856AD364E35_6.1.7601.17514_NONE_BD4644E077251730\CMDL32.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_698FC88E65B943D6\WMPCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\BFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\EHSHELL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\EHOME\LOADMXF.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe
"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"
Network
Files
memory/3012-0-0x0000000000400000-0x000000000041A000-memory.dmp
memory/3012-3-0x0000000000400000-0x000000000041A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-08 23:02
Reported
2024-11-08 23:05
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOUC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX86\MICROSOFT SHARED\EQUATION\EQNEDT32.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX64\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\SQLDUMPER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\KLIST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.LOADER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTSTICKYNOTES_3.6.73.0_X64__8WEKYB3D8BBWE\MICROSOFT.NOTES.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPLAYER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\GRV_ICONS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OSMADMINICON.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\UPDATER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MIXEDREALITY.PORTAL_2000.19081.1301.0_X64__8WEKYB3D8BBWE\MIXEDREALITYPORTAL.BROKERED.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVA-RMI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\WORDCONV.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\IDENTITY_HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACROLAYOUTRECOGNIZER\ACROLAYOUTRECOGNIZER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\PIPANEL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATECORE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOASB.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-040C-1000-0000000FF1CE}\MISC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.GETSTARTED_8.2.22942.0_X64__8WEKYB3D8BBWE\FMUI\FMUI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXIDENTITYPROVIDER_12.50.6001.0_X64__8WEKYB3D8BBWE\XBOXIDP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLECRASHHANDLER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\CHRMSTP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\INTERNET EXPLORER\EXTEXPORT.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\MAINTENANCESERVICE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\VIDEOLAN\VLC\VLC-CACHE-GEN.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\LOGTRANSPORT2.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.371\GOOGLEUPDATEONDEMAND.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPRPH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\JAVA-RMI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\MSOIA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\WORDICON.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.ZUNEVIDEO_10.19071.19011.0_X64__8WEKYB3D8BBWE\VIDEO.UI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CLICKTORUN\APPVSHNOTIFY.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\OSMCLIENTICON.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\CRASHREPORTER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.549981C3F5F10_1.1911.21713.0_X64__8WEKYB3D8BBWE\CORTANA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\INSTALLER\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\KTAB.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVAW.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATECORE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\CHROME_PWA_LAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\KINIT.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\WOW_HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JAUREG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\GRAPH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGECOMREGISTERSHELLARM64.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWS.PHOTOS_2019.19071.12548.0_X64__8WEKYB3D8BBWE\MICROSOFT.PHOTOS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCAMERA_2018.826.98.0_X64__8WEKYB3D8BBWE\WINDOWSCAMERA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMID.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\CLIENT\APPVDLLSURROGATE32.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.BIOENROLLMENT_CW5N1H2TXYEWY\BIOENROLLMENTHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ADELRCP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CASPOL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\REGASM.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WPF\XAMLVIEWER\XAMLVIEWER_V0300.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\EDMGEN.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\REGSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.CREDDIALOGHOST_CW5N1H2TXYEWY\CREDDIALOGHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPREP.CHXAPP_CW5N1H2TXYEWY\CHXSMARTSCREEN.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\LOGTRANSPORT2.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4BITMAPIBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ADOBE-FLASH-FOR-WINDOWS_31BF3856AD364E35_10.0.19041.82_NONE_2358A116979CC599\FLASHUTIL_ACTIVEX.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\INSTALLUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\NGENTASK.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.XGPUEJECTDIALOG_CW5N1H2TXYEWY\XGPUEJECTDIALOG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_MSIL\COMSVCCONFIG\3.0.0.0__B03F5F7F11D50A3A\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CVTRES.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\COMSVCCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\JSC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CVTRES.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_REGSQL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\EULA.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_32\MSBUILD\V4.0_4.0.0.0__B03F5F7F11D50A3A\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\WSATCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ADOBECOLLABSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\APPLAUNCH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\DFSVC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\VBC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ASPNET_COMPILER_B03F5F7F11D50A3A_4.0.15805.0_NONE_73CC8B3E43BA1056\ASPNET_COMPILER.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\ASSEMBLY\GAC_32\MSBUILD\3.5.0.0__B03F5F7F11D50A3A\MSBUILD.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\BITLOCKERDISCOVERYVOLUMECONTENTS\BITLOCKERTOGO.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.XBOXGAMECALLABLEUI_CW5N1H2TXYEWY\XBOX.TCUI.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\HH.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\NETFXSBS10.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_ASPNET_REGBROWSERS_B03F5F7F11D50A3A_4.0.15805.0_NONE_646D7347043BE71C\ASPNET_REGBROWSERS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\JSC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODELREG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\CSC.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\PRINTDIALOG\PRINTDIALOG.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.SEARCH_CW5N1H2TXYEWY\SEARCHAPP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\SMSVCHOST\V4.0_4.0.0.0__B03F5F7F11D50A3A\SMSVCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_WP.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.APPRESOLVERUX_CW5N1H2TXYEWY\APPRESOLVERUX.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\ADDINPROCESS.EXE | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
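Added triage example (not part of the sandbox report): a script that parses rows in the layout of the "Drops file in ... directory" tables above, groups the files each process opened for modification by extension and by path root, and flags a process that opened many .EXE files outside its own directory with write access. The six indicator paths and the process path are copied from this report; the threshold is an assumption. The table records the open, not whether any bytes were written, so a hit is a lead for hashing and signature-checking the listed targets, not proof that they were altered.

```python
import ntpath
from collections import Counter

# Constructed sample, copied from this report's "Drops file in Program Files
# directory" and "Drops file in Windows directory" tables; the process is the
# analysed sample itself, as in the report.
PROCESS = r"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"
INDICATORS = [
    r"C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\CLVIEW.EXE",
    r"C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMID.EXE",
    r"C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE",
    r"C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CSC.EXE",
    r"C:\WINDOWS\HH.EXE",
    r"C:\WINDOWS\SYSTEMAPPS\MICROSOFT.WINDOWS.SEARCH_CW5N1H2TXYEWY\SEARCHAPP.EXE",
]
SAMPLE_ROWS = "| Description | Indicator | Process | Target |\n" + "\n".join(
    f"| File opened for modification | {p} | {PROCESS} | N/A |" for p in INDICATORS
)

COLUMNS = ("description", "indicator", "process", "target")


def parse_signature_rows(text):
    """Parse the report's pipe-delimited signature table into dicts,
    skipping the header and anything that is not a 4-cell row."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(COLUMNS) or cells[0] == "Description":
            continue
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def top_root(path, depth=2):
    """'C:\\WINDOWS\\MICROSOFT.NET\\...\\CSC.EXE' -> 'C:\\WINDOWS\\MICROSOFT.NET'."""
    parts = ntpath.dirname(path).split("\\")
    return "\\".join(parts[: depth + 1])


def summarize_write_opens(rows):
    """Group 'File opened for modification' events by process, counting
    distinct target files per extension and per top-level root."""
    per_process = {}
    for row in rows:
        if row["description"] != "File opened for modification":
            continue
        s = per_process.setdefault(
            row["process"], {"files": set(), "ext": Counter(), "roots": Counter()}
        )
        path = row["indicator"]
        if path in s["files"]:
            continue  # the report may list the same path more than once
        s["files"].add(path)
        s["ext"][ntpath.splitext(path)[1].upper()] += 1
        s["roots"][top_root(path)] += 1
    return per_process


def mass_exe_write_access(summary, threshold=5):
    """Flag processes that opened at least `threshold` distinct .EXE files
    for modification outside their own directory. The threshold is an
    assumption for this example; tune it against your own baseline."""
    flagged = {}
    for proc, s in summary.items():
        own_dir = ntpath.dirname(proc).upper() + "\\"
        foreign = sorted(
            p for p in s["files"]
            if p.upper().endswith(".EXE") and not p.upper().startswith(own_dir)
        )
        if len(foreign) >= threshold:
            flagged[proc] = foreign
    return flagged


if __name__ == "__main__":
    summary = summarize_write_opens(parse_signature_rows(SAMPLE_ROWS))
    for proc, s in summary.items():
        print(proc)
        print("  distinct files:", len(s["files"]), dict(s["ext"]))
        for root, n in s["roots"].most_common():
            print(f"  {n:3d}  {root}")
    print("flagged:", {p: len(v) for p, v in mass_exe_write_access(summary).items()})
```

Run it against the full table by pasting all rows into SAMPLE_ROWS; the per-root counts make it obvious at a glance whether write access was concentrated on one product tree or spread across every .NET, WinSxS and SystemApps executable on the box.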
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe
"C:\Users\Admin\AppData\Local\Temp\58fe399b4515136d9190dd1d7a9654c7a5b43ec1e15e063839a6625f8a326bea.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 |  | udp |
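Added triage example (not part of the sandbox report): the Domain column above holds reverse-lookup (PTR) query names, not hostnames the sample contacted, and the only destination shown is the resolver at 8.8.8.8:53. The script below decodes each in-addr.arpa name back to the IPv4 address it asks about and notes whether that address is globally routable, so the addresses can be compared against any connections the sample actually made. The rows are copied from this report, including the last one, whose Domain cell is empty; that row is skipped rather than guessed.

```python
import ipaddress

# Constructed sample: the Network table of this report in its own layout,
# including the final row, which carries no Domain value.
SAMPLE_NETWORK = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
"""


def ptr_name_to_ip(name):
    """Turn an IPv4 reverse-lookup name ('97.17.167.52.in-addr.arpa') back
    into the address it asks about ('52.167.17.97'). Returns None for an
    empty, non-PTR or malformed name. ip6.arpa is out of scope here because
    the report shows no IPv6 lookups."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:  # out-of-range octet, leading zero, non-numeric label
        return None


def decode_ptr_lookups(text):
    """Parse the Network table and return (ip, ptr_name, is_global) for every
    row whose Domain cell is a well-formed PTR name. Rows with a missing or
    unparseable Domain cell are skipped, never guessed."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        ip = ptr_name_to_ip(cells[2])
        if ip is None:
            continue
        results.append((ip, cells[2], ipaddress.ip_address(ip).is_global))
    return results


if __name__ == "__main__":
    for ip, ptr, is_global in decode_ptr_lookups(SAMPLE_NETWORK):
        print(f"{ip:>16}  global={is_global!s:5}  {ptr}")
```

The decoded addresses are what to pivot on (WHOIS, passive DNS, your own proxy logs); the in-addr.arpa strings themselves will never appear as a contacted host.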
Files
memory/1836-0-0x0000000000400000-0x000000000041A000-memory.dmp
memory/1836-2-0x0000000000400000-0x000000000041A000-memory.dmp