Malware Analysis Report

2024-12-07 03:12

Sample ID 241113-s7ha9svcmb
Target 3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe
SHA256 3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999c
Tags: discovery spyware stealer
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: 3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999c

Threat Level: Shows suspicious behavior

The file 3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-13 15:45

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-13 15:45

Reported: 2024-11-13 15:47

Platform: win10v2004-20241007-en

Max time kernel: 94s

Max time network: 95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\L: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\M: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\P: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\R: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\U: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\G: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\J: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\X: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\K: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\S: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\T: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\H: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\V: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\W: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\I: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\O: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened (read-only) | \??\N: | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |

Drops file in System32 directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\WINDOWS\SysWOW64\SCHTASKS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SECEDIT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\WEXTRACT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\WINRSHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\IEXPRESS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\OPOSHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\REKEYWIZ.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESADVANCED.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESDATAEXECUTIONPREVENTION.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\TTDINJECT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\BACKGROUNDTASKHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\IME\IMEJP\IMJPUEX.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\RASPHONE.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\IME\SHARED\IMEWDBLD.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\ODBCAD32.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\WIAACMGR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\CLEANMGR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\DEVICEPAIRINGWIZARD.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\EFSUI.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SHUTDOWN.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SYSTEMUWPLAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\AUTOCONV.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\MAVINJECT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SEARCHINDEXER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\ICSUNATTEND.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\TPMINIT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\UNREGMP2.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\WEVTUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\COMPUTERDEFAULTS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\EVENTCREATE.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SYSTEMINFO.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\CLOUDNOTIFICATIONS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\CMSTP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\NET.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\PRINTUI.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\RECOVER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SETTINGSYNCHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\TCPSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\WAITFOR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\ATTRIB.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\CONTROL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\GETMAC.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\F12\IECHOOSER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\MMC.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\PRESENTATIONHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SPEECH_ONECORE\COMMON\SPEECHMODELDOWNLOAD.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\WBEM\WMIPRVSE.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\AGENTACTIVATIONRUNTIMESTARTER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\AUTOFMT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\CACLS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\COMPACT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\IME\SHARED\IMEPADSV.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\REGISTER-CIMPROVIDER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\RDPSAPROXY.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\TSTHEME.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\ESENTUTL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\FORFILES.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\HOSTNAME.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\PROQUOTA.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\SORT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\TSWPFWRP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\COLORCPL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\CREDENTIALUIBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\SysWOW64\PERFHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |

Drops file in Program Files directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\ADDINS\MICROSOFT POWER QUERY FOR EXCEL INTEGRATED\BIN\MICROSOFT.MASHUP.CONTAINER.NETFX40.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.DESKTOPAPPINSTALLER_1.0.30251.0_X64__8WEKYB3D8BBWE\APPINSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXGAMEOVERLAY_1.46.11001.0_X64__8WEKYB3D8BBWE\GAMEBAR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIREGISTRY.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.ZUNEMUSIC_10.19071.19011.0_X64__8WEKYB3D8BBWE\MUSIC.UI.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGECOMREGISTERSHELLARM64.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WALLET_2.4.18324.0_X64__8WEKYB3D8BBWE\MICROSOFT.WALLET.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSALARMS_10.1906.2182.0_X64__8WEKYB3D8BBWE\TIME.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\VISICON.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MAIL\WABMIG.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPCONFIG.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.DESKTOPAPPINSTALLER_1.0.30251.0_X64__8WEKYB3D8BBWE\APPINSTALLERPYTHONREDIRECTOR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXAPP_48.49.31001.0_X64__8WEKYB3D8BBWE\XBOXAPP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.XBOXGAMINGOVERLAY_2.34.28001.0_X64__8WEKYB3D8BBWE\GAMEBAR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\KEYTOOL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\WORDCONV.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MAIL\WABMIG.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\WOW_HELPER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\DOWNLOAD\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\CHROME_INSTALLER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\ORBD.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\MISC.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFT3DVIEWER_6.1908.2042.0_X64__8WEKYB3D8BBWE\VIEW3D.RESOURCERESOLVER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.MICROSOFTOFFICEHUB_18.1903.1152.0_X64__8WEKYB3D8BBWE\LOCALBRIDGE.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCALCULATOR_10.1906.55.0_X64__8WEKYB3D8BBWE\CALCULATOR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JAVAPACKAGER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SKYPESRV\SKYPESERVER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVACPL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-001F-0409-1000-0000000FF1CE}\MISC.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS PHOTO VIEWER\IMAGINGDEVICES.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.STOREPURCHASEAPP_11811.1001.18.0_X64__8WEKYB3D8BBWE\STOREEXPERIENCEHOST.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\READER_SL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATESETUP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JABSWITCH.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\JRE\BIN\SERVERTOOL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.PEOPLE_10.1902.633.0_X64__8WEKYB3D8BBWE\PEOPLEAPP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\COOKIE_EXPORTER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\WINDOWS MAIL\WAB.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\JOTICON.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.549981C3F5F10_1.1911.21713.0_X64__8WEKYB3D8BBWE\WIN32BRIDGE.SERVER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\WSGEN.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\JAVA.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JRE-1.8\BIN\UNPACK200.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\CLIENT\APPVLP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX64\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\SQLDUMPER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JDEPS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMIC.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\WSIMPORT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\WINDOWS\INSTALLER\{90160000-000F-0000-1000-0000000FF1CE}\LYNCICON.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\123.0.6312.123\INSTALLER\SETUP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JCONSOLE.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SDXHELPER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ADOBECOLLABSYNC.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\92.0.902.67\MSEDGEWEBVIEW2.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\JSTAT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\JAVA\JDK-1.8\BIN\RMID.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\NAMECONTROLSERVER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPRPH.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\ADOBE\ACROBAT READER DC\READER\ACRORD32INFO.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE_BK\1.3.147.37\MICROSOFTEDGEUPDATEONDEMAND.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\INTERNET EXPLORER\IEINSTAL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |

Drops file in Windows directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMPNSS-SERVICE_31BF3856AD364E35_10.0.19041.746_NONE_E180169F2D62E633\WMPNETWK.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-IE-IECHOOSER_31BF3856AD364E35_11.0.19041.746_NONE_B60BD945CA2276E4\R\IECHOOSER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_10.0.19041.546_NONE_3F1CC1D15DA468CF\F\TYPEPERF.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PNPUTIL_31BF3856AD364E35_10.0.19041.1151_NONE_7233D7A171B1272A\F\PNPUTIL.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_10.0.19041.746_NONE_FF52ABD5CB47BBE1\F\LPKSETUP.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OFFICE-CSP_31BF3856AD364E35_10.0.19041.844_NONE_9B62A70F9278F2CD\R\OFDEPLOY.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WOW64-LEGACY_31BF3856AD364E35_10.0.19041.1023_NONE_6AEAB5D4BD0371A8\R\SETUP16.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CORESYSTEM-WPR_31BF3856AD364E35_10.0.19041.207_NONE_4054EF70F69F6FF9\R\WPR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IE-IEXPRESS_31BF3856AD364E35_11.0.19041.1_NONE_4E5E653D48E95632\IEXPRESS.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_10.0.19041.1_NONE_9AA166E99861C2BC\RWINSTA.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-A..PACKAGEDCWALAUNCHER_31BF3856AD364E35_10.0.19041.1_NONE_A37F8905D149F29B\PACKAGEDCWALAUNCHER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IME-EASHARED-CCSHARED_31BF3856AD364E35_10.0.19041.1_NONE_8C0B126C198FCF70\IMCCPHR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SPECTRUM_31BF3856AD364E35_10.0.19041.1151_NONE_F0B5AFBF42EAFF75\SPECTRUM.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-ONECORE-U..IEDWRITEFILTER-MGMT_31BF3856AD364E35_10.0.19041.1266_NONE_41843EFC8F66BC7C\UWFMGR.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ACROBROKER.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ILASM.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSPAINT_31BF3856AD364E35_10.0.19041.746_NONE_6C16D1714D60FDDF\R\MSPAINT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
| File opened for modification | C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NFS-ADMINCMDTOOLS_31BF3856AD364E35_10.0.19041.1_NONE_6A9F2A3A3265AB31\SHOWMOUNT.EXE | C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe | N/A |
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..SCREENCONTENTSERVER_31BF3856AD364E35_10.0.19041.746_NONE_E540B68B09558F5A\F\LOCKSCREENCONTENTSERVER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MSINFO32-EXE_31BF3856AD364E35_10.0.19041.1110_NONE_20A89186AEDB6AF7\R\MSINFO32.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-AT_31BF3856AD364E35_10.0.19041.1_NONE_02F2B1ED23420C30\AT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DISKPART_31BF3856AD364E35_10.0.19041.1_NONE_1EC972DE354A6D3F\DISKPART.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OS-KERNEL_31BF3856AD364E35_10.0.19041.1288_NONE_E0F8082A6952CE81\NTOSKRNL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..ES-COMMANDLINETOOLS_31BF3856AD364E35_10.0.19041.1_NONE_9AA166E99861C2BC\TSCON.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-USERCPL-USERMGRBROKER_31BF3856AD364E35_10.0.19041.746_NONE_F4A55C2C3386ED90\F\USERACCOUNTBROKER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-MEDIAPLAYER-AUTOPLAY_31BF3856AD364E35_10.0.19041.1266_NONE_9A152E76298CD801\R\WMLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4BITMAPIBROKER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..CATION-CREDUIBROKER_31BF3856AD364E35_10.0.19041.746_NONE_A8B46AAA6C07CA3D\F\CREDENTIALUIBROKER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WOW64-LEGACY_31BF3856AD364E35_10.0.19041.1_NONE_AC040CCAA73C8C1B\SETUP16.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..OMMANDLINE-DSDBUTIL_31BF3856AD364E35_10.0.19041.1_NONE_996BA223B673811B\DSDBUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-IIS-SHAREDLIBRARIES_31BF3856AD364E35_10.0.19041.906_NONE_F962AB5F47E1E896\F\IISRESET.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX-CSHARP_COMPILER_CSC_B03F5F7F11D50A3A_10.0.19041.1_NONE_77B40A18A99E4F02\CSC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-BTH-USER_31BF3856AD364E35_10.0.19041.746_NONE_4D67350A685E1A3A\BTHUDTASK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-B..ONMENT-CORE-TCBBOOT_31BF3856AD364E35_10.0.19041.1288_NONE_75442AF2FE19577C\TCBLAUNCH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SHELL-PREVIEWHOST_31BF3856AD364E35_10.0.19041.746_NONE_2136AFEF5FADEAA4\R\PREVHOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSTEMAPPS\MICROSOFT.CREDDIALOGHOST_CW5N1H2TXYEWY\CREDDIALOGHOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-ASSIGNEDACCESS-GUARD_31BF3856AD364E35_10.0.19041.844_NONE_10A0A60F1EC9CC10\N\ASSIGNEDACCESSGUARD.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-XBOX-GAMEOVERLAY_31BF3856AD364E35_10.0.19041.746_NONE_2703BED0BA809808\GAMEPANEL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..DIRECTPLAY8-PAYLOAD_31BF3856AD364E35_10.0.19041.1_NONE_5D525A67AAE579A5\DPNSVR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-A..NAGEMENT-APPVCLIENT_31BF3856AD364E35_10.0.19041.264_NONE_AA5417FD2708544D\SCRIPTRUNNER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-COM-SURROGATE-CORE_31BF3856AD364E35_10.0.19041.546_NONE_12E3D70535675C5F\R\DLLHOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_NETWORKING-MPSSVC-NETSH_31BF3856AD364E35_10.0.19041.1151_NONE_2E15548DB03A22C8\CHECKNETISOLATION.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-DRIVERQUERY_31BF3856AD364E35_10.0.19041.1_NONE_5668834B68C7E852\DRIVERQUERY.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WOW64-LEGACY_31BF3856AD364E35_10.0.19041.1023_NONE_6AEAB5D4BD0371A8\USER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_NETFX-NGEN_EXE_B03F5F7F11D50A3A_10.0.19041.1_NONE_38A57FF5DBA3C9F4\NGEN.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-AUTOCHKCONFIGURATOR_31BF3856AD364E35_10.0.19041.1_NONE_CEB3891C2721FC43\CHKNTFS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-I..I_INITIATOR_SERVICE_31BF3856AD364E35_10.0.19041.1_NONE_9064B8C1B47576C0\ISCSICLI.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_WINDOWS-SENSECLIENT-SERVICE_31BF3856AD364E35_10.0.19041.1288_NONE_1CEC63974464878F\SENSECE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-NEWDEV_31BF3856AD364E35_10.0.19041.1_NONE_D1BC032A24676029\NDADMIN.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CTTUNE_31BF3856AD364E35_10.0.19041.1_NONE_697599F55DE29EC6\CTTUNE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..S-DATAUSAGEHANDLERS_31BF3856AD364E35_10.0.19041.746_NONE_DBECC8A3CDC7C3CF\R\DATAUSAGELIVETILETASK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SETUPAPI_31BF3856AD364E35_10.0.19041.1237_NONE_A9B815907B71FE1A\F\WOWREG32.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-OPENFILES_31BF3856AD364E35_10.0.19041.1_NONE_9D17748489C1B07E\OPENFILES.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..NCETOOLSCOMMANDLINE_31BF3856AD364E35_10.0.19041.546_NONE_3F1CC1D15DA468CF\R\TRACERPT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-NET1-COMMAND-LINE-TOOL_31BF3856AD364E35_10.0.19041.844_NONE_64D33F8FB364398C\R\NET1.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WHOAMI_31BF3856AD364E35_10.0.19041.1_NONE_8EC2362C55947137\WHOAMI.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-LPKSETUP_31BF3856AD364E35_10.0.19041.153_NONE_FF44CFA7CB529CE3\R\LPREMOVE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-CHKDSK_31BF3856AD364E35_10.0.19041.1_NONE_822C11B6606EC606\CHKDSK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_SECURITY-OCTAGON-BROKER_31BF3856AD364E35_10.0.19041.546_NONE_380485EDEBA9F4C4\SGRMLPAC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-ONEDRIVE-SETUP_31BF3856AD364E35_10.0.19041.1_NONE_E585F901F9CE93E6\ONEDRIVESETUP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_REGIIS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..CES-BACKGROUNDAGENT_31BF3856AD364E35_10.0.19041.423_NONE_D8A242BF396F7D4D\SPACEAGENT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-MEDIAPLAYER-SETUP_31BF3856AD364E35_10.0.19041.1266_NONE_22B99D078BBC3016\F\SETUP_WM.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..HRESHOLD-ADMINFLOWS_31BF3856AD364E35_10.0.19041.1_NONE_D69D2C25BD407A87\SYSTEMSETTINGSADMINFLOWS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe

"C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 106.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/1036-0-0x0000000000400000-0x000000000040F000-memory.dmp

memory/1036-2-0x0000000000400000-0x000000000040F000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 15:45

Reported

2024-11-13 15:47

Platform

win7-20241023-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMINFO.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\UPNPCONT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\PING.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\PROQUOTA.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\BOOTCFG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MUIUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WSMPROVHOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WEVTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\AUTOCONV.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\ROBOCOPY.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\ARP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\HH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SXSTRACE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMPUTERDEFAULTS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\DRIVERQUERY.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\VERCLSID.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MIGWIZ\POSTMIG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\LODCTR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYNCHOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMEJP10\IMJPDSVR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CALC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\EVENTCREATE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\REGISTERIEPKEYS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WERMGR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COLORCPL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CONVERT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\INSTALLSHIELD\_ISDEL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SCHTASKS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WHERE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WUAPP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\INSTNM.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\IMEJP10\IMJPDSVR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\MMC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CONTROL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CTTUNESVR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESPROTECTION.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WECUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\CTFMON.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\AUTOCONV.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\CHKDSK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SDBINST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SETUPUGC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SBUNATTEND.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\TPMINIT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TZUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DNSCACHEUGC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IEXPRESS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\RRINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COMP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESCOMPUTERNAME.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMEJP10\IMJPUEX.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WBEM\WINMGMT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\COM\MIGREGDB.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\IME\SHARED\IMCCPHR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\WINRS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\DXDIAG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\IME\IMETC10\IMTCPROP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\ODBCAD32.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SYSWOW64\SYSTEMPROPERTIESREMOTE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\regedit.exe C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TAKEOWN.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\RUNAS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\SysWOW64\TSWPFWRP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MISC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\KLIST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\UPDATER6\ADOBE_UPDATER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\OFFICE SETUP CONTROLLER\ODEPLOY.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\EXCELCNV.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\MAINTENANCESERVICE_INSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\SETLANG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WABMIG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\EXTCHECK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JSTATD.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\TEXTCONV\WKSCONV\WKCONV.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\VPREVIEW.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\106.0.5249.119\NOTIFICATION_HELPER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS JOURNAL\PDIALOG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\VSTOINSTALLER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPENC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\POLICYTOOL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\MIP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\FLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\INKWATSON.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JDB.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVA-RMI.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVACPL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JARSIGNER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPDMC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\OUTLOOK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\KTAB.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\MSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\1033\ONELEV.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\GROOVEMN.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\WINWORD.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\SHAPECOLLECTOR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\UNPACK200.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\WORDPAD.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PINGSENDER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPDMC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\7-ZIP\7Z.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAFXPACKAGER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\LIB\VISUALVM\PLATFORM\LIB\NBEXEC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\PURBLE PLACE\PURBLEPLACE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\WSGEN.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\WINDOWS MAIL\WINMAIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JPS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE14\MSOICONS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\OIS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\ONENOTEM.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVAP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\JABSWITCH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVAWS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\ORBD.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JRE7\BIN\RMID.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\MULTIPLAYER\BACKGAMMON\BCKGZM.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\MICROSOFT GAMES\SPIDERSOLITAIRE\SPIDERSOLITAIRE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JINFO.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\VBC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EHOME-SERVICES-EHRECVR_31BF3856AD364E35_6.1.7601.17514_NONE_1B8F8373383DE46A\EHRECVR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\HH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_REGBROWSERS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-ICM-UI_31BF3856AD364E35_6.1.7600.16385_NONE_A0A25363EEE12F40\COLORCPL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-GETMAC_31BF3856AD364E35_6.1.7600.16385_NONE_0BD4ECDE034EA7DA\GETMAC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\ASSEMBLY\GAC_MSIL\MICROSOFT.WORKFLOW.COMPILER\V4.0_4.0.0.0__31BF3856AD364E35\MICROSOFT.WORKFLOW.COMPILER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..ING-MANAGEMENT-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_2D3B8FF08901343F\DISMHOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-M..S-MDAC-ODBCCONF-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_0D4D30A05370CB73\ODBCCONF.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-S..MPROPERTIESADVANCED_31BF3856AD364E35_6.1.7600.16385_NONE_F71EDDFB459A0155\SYSTEMPROPERTIESADVANCED.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TABLETPC-INPUTPANEL_31BF3856AD364E35_6.1.7601.17514_NONE_6FB51B358E21D75F\TABTIP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-RUNLEGACYCPLELEVATED_31BF3856AD364E35_6.1.7600.16385_NONE_10E2654156A06B06\RUNLEGACYCPLELEVATED.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-TCPIP-UTILITY_31BF3856AD364E35_6.1.7601.17514_NONE_34CE5D95AD203BBE\NETSTAT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\ADDINPROCESS32.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-EXPLORER_31BF3856AD364E35_6.1.7601.17514_NONE_AFDAAC81905BF900\EXPLORER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-MANAGEMENTCONSOLE_31BF3856AD364E35_6.1.7600.16385_NONE_E3C88F07D4C88269\INETMGR.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..YER-SIDESHOW-GADGET_31BF3856AD364E35_6.1.7600.16385_NONE_841E9494C8A32794\WMPSIDESHOWGADGET.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SYSPREP_31BF3856AD364E35_6.1.7600.16385_NONE_4B73926C122BE805\SYSPREP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-MEDIAPLAYER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_73E472E09A1A05D1\WMPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-B..IONDATA-CMDLINETOOL_31BF3856AD364E35_6.1.7601.17514_NONE_E6510234BBCB2A8C\BCDEDIT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\MSIL_WSATCONFIG_B03F5F7F11D50A3A_6.1.7601.17514_NONE_DD3A06567424A01B\WSATCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-SCRIPTING_31BF3856AD364E35_6.1.7600.16385_NONE_AEB1EF0F4E6BBA1D\WSCRIPT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TIME-TOOL_31BF3856AD364E35_6.1.7600.16385_NONE_48FE0CFD559F80AD\W32TM.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\GAC_MSIL\COMSVCCONFIG\3.0.0.0__B03F5F7F11D50A3A\COMSVCCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CLIP_31BF3856AD364E35_6.1.7600.16385_NONE_03D0D3C435B27637\CLIP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-BTH-USER_31BF3856AD364E35_6.1.7601.17514_NONE_CD93EFAD202E5FB6\BTHUDTASK.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-WMI-CORE-SVC_31BF3856AD364E35_6.1.7601.17514_NONE_092D6B9141F16ACA\WINMGMT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-NETPLWIZ-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_ED2D0AE971B57E8D\NETPLWIZ.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-U..OUNTCONTROLSETTINGS_31BF3856AD364E35_6.1.7601.17514_NONE_85AC7BD736DDA285\USERACCOUNTCONTROLSETTINGS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CERTUTIL_31BF3856AD364E35_6.1.7600.16385_NONE_1179F9944D0D9973\CERTUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CONTROL_31BF3856AD364E35_6.1.7600.16385_NONE_F560EAE4C42EDB14\CONTROL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..CATIONNOTIFICATIONS_31BF3856AD364E35_6.1.7600.16385_NONE_737951AB23CF8EA0\LOCATIONNOTIFICATIONS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SESSION0VIEWER_31BF3856AD364E35_6.1.7600.16385_NONE_3DDBD9A9605F0519\UI0DETECT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_NETFX35LINQ-CSHARP_31BF3856AD364E35_6.1.7601.17514_NONE_7551B4792AC9630D\CSC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-W..OMMAND-LINE-UTILITY_31BF3856AD364E35_6.1.7600.16385_NONE_A1802B822E2A878C\WMIC.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-BCDBOOT-CMDLINETOOL_31BF3856AD364E35_6.1.7601.17514_NONE_BF7BEA0454C3F0CF\BCDBOOT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-S..INBOXGAMES-CHECKERS_31BF3856AD364E35_6.1.7601.17514_NONE_D467C138CBCE0B24\CHKRZM.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..FOR-MANAGEMENT-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_288B7ACEC3A75696\WSMANHTTPCONFIG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-I..ETEXPLORER-OPTIONAL_31BF3856AD364E35_8.0.7601.17514_NONE_1BEB53526FC80C8D\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-ADAPTERTROUBLESHOOTER_31BF3856AD364E35_6.1.7600.16385_NONE_D1D79DD7E49A786F\ADAPTERTROUBLESHOOTER.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_STATE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-XCOPY_31BF3856AD364E35_6.1.7600.16385_NONE_BEEA9C500DFD4622\XCOPY.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..-JAPANESE-UTILITIES_31BF3856AD364E35_6.1.7601.17514_NONE_EF38A8D0D05CC2C7\IMJPDCT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-IE-IECLEANUP_31BF3856AD364E35_11.2.9600.16428_NONE_441ECCC2F13EAB51\IECLEANUP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-N..PROTECTION-STATUSUI_31BF3856AD364E35_6.1.7600.16385_NONE_3D715A438950CE7B\NAPSTAT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-S..LINE-USER-INTERFACE_31BF3856AD364E35_6.1.7600.16385_NONE_DCBDC8E83E2B98BE\CMDKEY.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..OTOCOL-HOST-SERVICE_31BF3856AD364E35_6.1.7600.16385_NONE_E63ED98817CF16B1\EAP3HOST.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\DATASVCUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-M..AC-SQL-CLICONFG-EXE_31BF3856AD364E35_6.1.7600.16385_NONE_CC12387F7062EB3B\CLICONFG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-IE-IEXPRESS_31BF3856AD364E35_8.0.7600.16385_NONE_7F0C7A3C17077FCE\IEXPRESS.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\EHEXTHOST32\C899DE3549784161AA66610D5735E4F0\EHEXTHOST32.NI.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-DISPLAYSWITCH_31BF3856AD364E35_6.1.7600.16385_NONE_EC98071C85CF09EB\DISPLAYSWITCH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_7CF343CAC8A829EC\PRINT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-S..NATIVE-WHITEBOX-ISV_31BF3856AD364E35_6.1.7601.17514_NONE_EB5947EA4DEBCF36\RMACTIVATE_ISV.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FTP_31BF3856AD364E35_6.1.7601.17514_NONE_0B11635F6F2987F7\FTP.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\INSTALLUTIL.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\CVTRES.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-M..PLAYER-SHELLPREVIEW_31BF3856AD364E35_6.1.7600.16385_NONE_26E76F2AC1492952\WMPRPH.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MSBUILD\AF28543D9B3E7D9F110448ECCE53CD72\MSBUILD.NI.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-MAPI_31BF3856AD364E35_6.1.7601.17514_NONE_AD54AB3A7801C830\FIXMAPI.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SYSINFO_31BF3856AD364E35_6.1.7600.16385_NONE_4B49A2C2123FD42C\SYSTEMINFO.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-W..WSUPDATECLIENT-CORE_31BF3856AD364E35_7.5.7601.17514_NONE_1F3413AFC64D10C5\WUAUCLT.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-P..NFIGURATION-CMDLINE_31BF3856AD364E35_6.1.7600.16385_NONE_09320E5AE212B9D9\POWERCFG.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A
File opened for modification C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-RASCLIENTTOOLS_31BF3856AD364E35_6.1.7600.16385_NONE_6F1D25EC0A04D811\RASPHONE.EXE C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe

"C:\Users\Admin\AppData\Local\Temp\3d7f21f342ecde5b56f906da6b658fddf30d05257dd860ebd373c5515fd8999cN.exe"

Network

N/A

Files

memory/2372-0-0x0000000000400000-0x000000000040F000-memory.dmp

memory/2372-3-0x0000000000400000-0x000000000040F000-memory.dmp