d6c39d7d9be421b66517d195180f7156c52c3fadba440d5d3d26ff6b1d45aa1a

Analysis

max time kernel
118s
max time network
77s
platform
windows7_x64
resource
win7-en-20211208
submitted
30/12/2021, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4kvideodownloader_4.18_x64Crack.exe
Size

24.3MB
MD5

346b3c83128f1918b162694eec15963d
SHA1

8c363d01e47d6dffd66044b1a34a78c5a1aac59c
SHA256

d6c39d7d9be421b66517d195180f7156c52c3fadba440d5d3d26ff6b1d45aa1a
SHA512

d69ec8e35d293f0b78543ddef48d9a4e2e2b4c372336ddb70a5aa4438611c8517b84d344fb250f7a3b14b1cde0d5eb963a9145c82b72f2e1ef807ded385cba6c

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\README.txt

Ransom Note

Do not close this message !!! Hi, don't worry. All of your files have been encrypted. To return your files, you need to send 0.003 bitcoin to the address 1NNLcGozxxNmFypZB4rgnmvuCju2pxfAQQ if within 10 hours there is no payment, all your files will be deleted ... You can pay through various crypto-exchanges (Binance, Coinbase and others), crypto exchanges or from your personal bitcoin wallet. After payment you will receive a decoder and an unlock key and all your files will be unlocked. Do not try to unlock it yourself, you will only waste time, and after 10 hours all files will be deleted. A strong encryption method is used for encryption. Communication after payment telegram: @crypto_support_id_43274

Wallets

1NNLcGozxxNmFypZB4rgnmvuCju2pxfAQQ

Signatures

Drops file in Drivers directory 27 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\gmreadme.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\etc\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe

Modifies extensions of user files 5 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\CopySkip.png => C:\Users\Admin\Pictures\CopySkip.png.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\ExitExport.tif => C:\Users\Admin\Pictures\ExitExport.tif.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Users\Admin\Pictures\PopInitialize.tiff	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\PopInitialize.tiff => C:\Users\Admin\Pictures\PopInitialize.tiff.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\RequestClear.tif => C:\Users\Admin\Pictures\RequestClear.tif.CRYPT	4kvideodownloader_4.18_x64Crack.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.txt	4kvideodownloader_4.18_x64Crack.exe

Loads dropped DLL 35 IoCs

pid	Process
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File created	C:\Users\Admin\Favorites\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ringtonesamples_31bf3856ad364e35_6.1.7600.16385_none_135e536ebbe59c28\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Fonts\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Recorded TV\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-US\Link\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Desktop\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Favorites\Links for United States\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Web\Wallpaper\Architecture\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..i-accessibilityuser_31bf3856ad364e35_6.1.7600.16385_none_bf396ba9226e0702\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\S3IV548V\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-reg-inf_31bf3856ad364e35_6.1.7601.17514_none_535245f3d98ecb9a\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\K819CMRP\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.7600.16385_none_add5a10aa4d614d5\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Videos\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Media\Raga\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Web\Wallpaper\Landscapes\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Documents\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Documents\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Desktop\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Web\Wallpaper\Characters\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-gb-links-component_31bf3856ad364e35_6.1.7601.17514_none_0ea01e97df141032\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-za-component_31bf3856ad364e35_6.1.7601.17514_none_a5926b147a413e6a\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Downloaded Program Files\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Downloads\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.7601.17514_none_da0c2f9edf5b1353\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO7FJFDE\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-CA\Wallpaper\desktop.ini	4kvideodownloader_4.18_x64Crack.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\fontview.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_hash_tables.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\nbtstat.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\eval\HomePremiumN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\whoami.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\eval\EnterpriseN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\winrm\0411\winrm.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\System32\catroot2\edb00648.log	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\migwiz\dlmanifests\Networking-MPSSVC-Svc\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasic\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\MsSpellCheckingFacility.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\_Default\StarterN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\IME\imekr8\dicts\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\regedt32.exe	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\System32\catroot2\edb00656.log	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\Amd64\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\Tasks\Microsoft\Windows\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\FXSUNATD.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\_Default\UltimateE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\pl-PL\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\ja-JP\about_Break.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\takeown.exe	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\System32\MpSigStub.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc6200t.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\eval\Professional\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\fr-FR\Licenses\eval\Starter\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cmd.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\setspn.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\smc660u.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_remote_requirements.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\reg.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\OEM\HomePremiumN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\qappsrv.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\sv-SE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\OEM\EnterpriseN\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\_Default\EnterpriseN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\fr-FR\Licenses\eval\EnterpriseE\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\certreq.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_neutral_407146dba80d1566\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_neutral_386661b46df6da3f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpj5500t.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\migwiz\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\slmgr\0409\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt	4kvideodownloader_4.18_x64Crack.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\lua\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\service.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\MSBuild\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\localizedStrings.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImagesMask.bmp	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Journal\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck.css	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Mail\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Google\Update\Install\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Horizon.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\README.txt	4kvideodownloader_4.18_x64Crack.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ices-portredirector_31bf3856ad364e35_6.1.7601.17514_none_bfcee980bbe30f58\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Boot\PCAT\it-IT\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dims.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c8de299667260b24\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\logo.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-artcon5.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d302b305da9d4d36\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_452c0c8569276078\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Boot\PCAT\el-GR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..p-support.resources_31bf3856ad364e35_8.0.7600.16385_es-es_158bc115e2940d3e\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-tablet.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c1c73d3a91d32fe3\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-932_31bf3856ad364e35_6.1.7600.16385_none_2ad03056b4ecc39f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c8f82e1fe7f14695\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..in-gpedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_03a64131170229c8\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..providers.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5b0bdba3fab9e84a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\servicing\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_mdmbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_685a3655fa43badb\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_1b56589636443993\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_322a68aa903c6393\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\318bddc9cc3ccb7fa1bb1f7942052c65\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..airingdll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_be5563437dd3422f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_988750cdbb618ede\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_399bb48ff329ff89\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7601.17514_none_2b4a7558412a624a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_763d8b4172e31c4f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_7fa235f41a25ecb3\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7\times.ttf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_c985fbedc9886bd1\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6907a3e37816f6e\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\_NetworkingPerfCounters.h	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_mdmwhql0.inf_31bf3856ad364e35_6.1.7600.16385_none_76b82b0e7bb69660\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_es_31bf3856ad364e35\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\7e530f5e8b7aa2d04f08ddb9a1597007\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1042\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efsadu.resources_31bf3856ad364e35_6.1.7600.16385_de-de_742018b6bfea81b9\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7b9b82aa242001e6\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bd98fb6063b5d148\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..-printbrm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a539a0b50e5f0d40\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_af35a648b3029ded\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Fonts\8514fixg.fon	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1053\LocalizedData.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..splay-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f857fc5d27997dae\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-bitmap-ms_serif_31bf3856ad364e35_6.1.7600.16385_none_2670fbc842c5cd2f\seriffg.fon	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598\georgia.ttf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_es-es_246322b71661d834\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\PLA\Rules\en-US\Rules.System.Memory.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020422_31bf3856ad364e35_6.1.7600.16385_none_89e4f7a262c2326c\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Windows_PowerShell_ISE.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\shadow.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\5d0f494f1be2367fb0a634956f719965\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\inf\.NET CLR Networking 4.0.0.0\0008\_Networkingperfcounters.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_207372147765c03a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_left.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..eraccount.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e185cfc7615ec6b0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..ility-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4fd47b5a961f72f2\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-riched32_31bf3856ad364e35_6.1.7601.17514_none_fb26b945993b2f11\README.txt	4kvideodownloader_4.18_x64Crack.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
676	NOTEPAD.EXE
240	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1372	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1372	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1312	944	4kvideodownloader_4.18_x64Crack.exe	27
PID 944 wrote to memory of 1312	944	4kvideodownloader_4.18_x64Crack.exe	27
PID 944 wrote to memory of 1312	944	4kvideodownloader_4.18_x64Crack.exe	27

C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe
"C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe
  "C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe"
  2⤵
  - Drops file in Drivers directory
  - Modifies extensions of user files
  - Drops startup file
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:1312

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1372

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1636

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:676

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-53-0x000007FEFC061000-0x000007FEFC063000-memory.dmp

Filesize
8KB

Download