d6c39d7d9be421b66517d195180f7156c52c3fadba440d5d3d26ff6b1d45aa1a

Analysis

max time kernel
122s
max time network
125s
platform
windows10_x64
resource
win10-en-20211208
submitted
30/12/2021, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4kvideodownloader_4.18_x64Crack.exe
Size

24.3MB
MD5

346b3c83128f1918b162694eec15963d
SHA1

8c363d01e47d6dffd66044b1a34a78c5a1aac59c
SHA256

d6c39d7d9be421b66517d195180f7156c52c3fadba440d5d3d26ff6b1d45aa1a
SHA512

d69ec8e35d293f0b78543ddef48d9a4e2e2b4c372336ddb70a5aa4438611c8517b84d344fb250f7a3b14b1cde0d5eb963a9145c82b72f2e1ef807ded385cba6c

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\README.txt

Ransom Note

Do not close this message !!! Hi, don't worry. All of your files have been encrypted. To return your files, you need to send 0.003 bitcoin to the address 1NNLcGozxxNmFypZB4rgnmvuCju2pxfAQQ if within 10 hours there is no payment, all your files will be deleted ... You can pay through various crypto-exchanges (Binance, Coinbase and others), crypto exchanges or from your personal bitcoin wallet. After payment you will receive a decoder and an unlock key and all your files will be unlocked. Do not try to unlock it yourself, you will only waste time, and after 10 hours all files will be deleted. A strong encryption method is used for encryption. Communication after payment telegram: @crypto_support_id_43274

Wallets

1NNLcGozxxNmFypZB4rgnmvuCju2pxfAQQ

Signatures

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\ConvertConnect.png => C:\Users\Admin\Pictures\ConvertConnect.png.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Users\Admin\Pictures\ExportTest.tiff	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\ExportTest.tiff => C:\Users\Admin\Pictures\ExportTest.tiff.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\MoveResume.tif => C:\Users\Admin\Pictures\MoveResume.tif.CRYPT	4kvideodownloader_4.18_x64Crack.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.txt	4kvideodownloader_4.18_x64Crack.exe

Loads dropped DLL 35 IoCs

pid	Process
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe
1184	4kvideodownloader_4.18_x64Crack.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File created	C:\Users\Admin\Contacts\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Media\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Fonts\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Favorites\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Desktop\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Downloads\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Downloads\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\OneDrive\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Videos\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Links\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Pictures\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Offline Web Pages\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Documents\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Libraries\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Downloaded Program Files\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Pictures\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Music\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Videos\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\$Recycle.Bin\S-1-5-21-2361464256-2201551969-2316606395-1000\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	4kvideodownloader_4.18_x64Crack.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\bcdboot.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DeviceEject.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dllhost.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\bdeunlock.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\change.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\diskpart.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DsmUserTask.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\calc.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\csrss.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\@bitlockertoastimage.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\@WindowsUpdateToastIcon.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\acu.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\ApproveChildRequest.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\chgusr.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\desktopimgdownldr.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dsregcmd.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\@WwanSimLockIcon.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\appidtel.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\bootim.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\chgport.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\control.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\Defrag.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\AgentService.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\audiodg.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\baaupdate.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\CloudNotifications.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\compact.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\CompMgmtLauncher.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cscript.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\Dism.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\AppHostRegistrationVerifier.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\autofmt.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\BdeHdCfg.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cmdkey.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\djoin.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\clip.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DFDWiz.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cttune.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dfrgui.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dmclient.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drvcfg.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\aitstatic.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\bcdedit.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\BdeUISrv.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\convert.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\ddodiag.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\ApplicationFrameHost.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dasHost.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DataUsageLiveTileTask.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dcomcnfg.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\BitLockerWizard.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\CloudExperienceHostBroker.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dpapimig.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\driverquery.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\AtBroker.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\CertEnrollCtrl.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cmmon32.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\dccw.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cipher.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\diskraid.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\@AudioToastIcon.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\appidpolicyconverter.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\bitsadmin.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\bridgeunattend.exe	4kvideodownloader_4.18_x64Crack.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\MedTile.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSmallTile.scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe\Assets\Office\CenterView.scale-140.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\OneConnectWideTile.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d3.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-32_altform-unplated.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-400.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\na_16x11.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-200.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Assets\Images\win_logo_white.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp3.scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-125_contrast-white.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\MainPageState2\klondike_bp_920.jpg	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\5671_24x24x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\index.html	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\example_icons.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\6536_32x32x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\MedTile.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\EmbossBitmaps\Rounded Rectangle.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-36_altform-unplated.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\1725_32x32x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-200.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-150.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\themes_frame.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Classic\mask\13h.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\1251_36x36x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteWideTile.scale-150.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_highcontrast.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-60.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Tournament\SampleCompetitor1.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\fonts\symbol.ttf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\manifestAssets\contrast-white\Square310x310Logo.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2017.130.1208.0_neutral_~_8wekyb3d8bbwe\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\HowToPlay\DailyChallenges\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\ThemePreview\Effects\Leaves.jpg	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_wob.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\generic-rhp-app-tool-view.js	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\en_get.svg	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-100_kzf8qxf38zg5c\SkypeApp\Assets\LockScreenBadgeLogo.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\MedTile.scale-200.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-48.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png	4kvideodownloader_4.18_x64Crack.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\INF\ServiceModelEndpoint 3.0.0.0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\EmbossBitmaps\Sun_icon.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Awards\klondike\Snowfall_Success_.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Western\mask\mask_corners_king.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-250.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Fonts\smaf1257.fon	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\manifestAssets\StoreLogo.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorSmallTile.scale-200.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-256_altform-unplated.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_altform-unplated_contrast-white.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Provisioning\Packages\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S356e1ba0#\4c65bef2572d7db12814d2332b75de8f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\en-us\pages\wefgalleryonenoteinsertwinrt.htm	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\8576_40x40x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.AppV.AppVClientWmi.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Media\Alarm07.wav	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Uev.ManagedAgentWmi\v4.0_10.0.0.0__31bf3856ad364e35\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\PrintDialog\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\EventViewer\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-white_scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp3.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\1031\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60_altform-unplated_contrast-white.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb00013.log	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Getstarted_4.5.6.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedAppList.scale-200_contrast-black.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Awards\freecell\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\Assets\PeopleAppList.targetsize-64.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-150.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\PLA\Reports\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\INF\rdyboost\0000\ReadyBoostPerfCounters.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-white_scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\7656_24x24x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Boot\DVD\PCAT\etfsboot.com	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\2494_48x48x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\MedTile.scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_store.targetsize-48.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe\Assets\MusicStoreLogo.scale-150.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\ag_16x11.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\OneNoteSmallTile.scale-150.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-100.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\mz_16x11.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-125.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\strings\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\small\rain.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\WideTile.scale-200.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XsdBuildTask.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_fr_b77a5c561934e089\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileLargeSquare.scale-200.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-60.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\7260_32x32x32.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO\v4.0_4.0.0.0__b03f5f7f11d50a3a\README.txt	4kvideodownloader_4.18_x64Crack.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1184	1552	4kvideodownloader_4.18_x64Crack.exe	69
PID 1552 wrote to memory of 1184	1552	4kvideodownloader_4.18_x64Crack.exe	69

C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe
"C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe
  "C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe"
  2⤵
  - Modifies extensions of user files
  - Drops startup file
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...