Analysis
- max time kernel: 151s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-11-2022 04:32
Behavioral task behavioral1
- Sample: c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
- Resource: win7-20220812-en
Behavioral task behavioral2
- Sample: c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
- Resource: win10v2004-20220901-en
General
- Target: c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
- Size: 7KB
- MD5: 0fe9aea31913d392769cc6bf40d2af61
- SHA1: 6caf7328e9abb5ce35dc7a4b3eb39726165f9877
- SHA256: c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5
- SHA512: c6c617c069696ffb1e0d8c1381de90deac18ad6551e8ad864a32747d5e065e6054d2bcdf96769bb33c1728402b760abfb70a414ff4ee52aa4aea8182556aa65d
- SSDEEP: 96:V4Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx5ZWznr1x+V4peJSpNMB:Ozdrr1FG1WDCgmjPZ+zn5criNMUA
Malware Config
Signatures
Detected Xorist Ransomware (2 IoCs)
Processes:
resource | yara_rule
behavioral2/memory/1848-132-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1848-133-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
Xorist Ransomware
Xorist is a ransomware family first seen in 2020.
Drops file in Drivers directory (3 IoCs)
Processes:
description | ioc | process
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Processes:
resource | yara_rule
behavioral2/memory/1848-132-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1848-133-0x0000000000400000-0x000000000040C000-memory.dmp | upx
Drops startup file (1 IoC)
Processes:
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe" | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Drops file in System32 directory (64 IoCs)
Processes (description, ioc, process):
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exedescription ioc process File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_a9b96d6c7813082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\Speech\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created 
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\ucmucsiacpiclient.inf_amd64_a233292790c69f03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fscompression.inf_amd64_2aa5f249d7ee104a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_d5c8b2a031c7d5c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\IME\SHARED\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\wvpci.inf_amd64_86afbe8940682d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created 
C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\rdvgwddmdx11.inf_amd64_e8336336d081cc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\errdev.inf_amd64_616c5168a5b1807a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_564561a23e05c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created 
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\CimCmdlets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe -
Drops file in Program Files directory (64 IoCs)
Processes (description, ioc, process):
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exedescription ioc process File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-lightunplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-30_altform-lightunplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\Assets\ValueProp_Unknown.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-400.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-150_contrast-white.png 
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ThirdPartyNotices.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\7739_32x32x32.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.scale-125.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-16_contrast-black.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-200_contrast-white.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program 
Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Moonlight.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-unplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-200.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int_2x.gif c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\tool-search.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Default.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.scale-200.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-256_altform-unplated_contrast-black.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-150.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader 
DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close2x.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteWideTile.scale-150.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteLargeTile.scale-125.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-150.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons.png 
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\id_arrow.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-36_altform-unplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-300.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-lightunplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Snooze.scale-80.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification 
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-48_altform-unplated_contrast-white_devicefamily-colorfulunplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-100.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_Package.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_LargeTile.scale-100.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File created C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-72.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-20_contrast-white.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-lightunplated.png c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe -
Drops file in Windows directory (64 IoCs)
Processes (description, ioc, process):
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
description | ioc | process
File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_ab9bc1d129a747ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-c..er.appxmain.ratings_31bf3856ad364e35_10.0.19041.1_none_ff46bbc9afee54c5\RatingStars38.contrast-black_scale-200.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Splashscreen.scale-150_contrast-black.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1202_none_26ae8647562ae5ff\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine-dui_31bf3856ad364e35_10.0.19041.1_none_96cc33fca2be11eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-smartscreen.resources_31bf3856ad364e35_10.0.19041.1_en-us_4b7b9861b6741c29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host_31bf3856ad364e35_10.0.19041.789_none_1060d2d22df7c6eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_dual_volmgr.inf_31bf3856ad364e35_10.0.19041.928_none_30299b60c292d748\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..ws-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1e24b78f138956a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-125_contrast-white.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ansliteration-nowow_31bf3856ad364e35_10.0.19041.1_none_0a1dcb44ea77fd15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-64_altform-unplated_contrast-black.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_10.0.19041.1151_en-us_c9f16b25e2c56827\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux-dlg_31bf3856ad364e35_10.0.19041.1_none_544850fb795d0a4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-usp_31bf3856ad364e35_10.0.19041.546_none_8af3c00eb74baaa5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_dual_netvwifibus.inf_31bf3856ad364e35_10.0.19041.1_none_09667d4775c39899\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus.systemcopy_31bf3856ad364e35_10.0.19041.264_none_c4bc376754eedc34\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_10.0.19041.1_none_9d5a916c5e8cf634\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-shdocvw_31bf3856ad364e35_10.0.19041.746_none_c56e38516ab57295\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_10.0.19041.1081_none_e049f4a228a31cca\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsCloudIcon.contrast-white_scale-200.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_nl-nl_90ad6bb7d40f6d35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-cryptnet-dll_31bf3856ad364e35_10.0.19041.906_none_f53dcf625a848893\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-inputswitch_31bf3856ad364e35_10.0.19041.1023_none_5ae4c111b6185af8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPStoreLogo.scale-150.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ndlers-quickactions_31bf3856ad364e35_10.0.19041.746_none_20e5b8e1a1fb9583\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-spelling-host.binaries_31bf3856ad364e35_10.0.19041.1_none_c3249fe181844dfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Experiences\PreInstalledApps\DefaultSquareTileLogo1.contrast-white_scale-80.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_10.0.19041.1_none_241b3b307ddfb152\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.546_none_6441d3d76cf5046e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..-mdac-rds-shape-dll_31bf3856ad364e35_10.0.19041.746_none_ae08b9cb1bedd7c8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..oundation.resources_31bf3856ad364e35_10.0.19041.1_en-us_449a26ce5b47ea97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-onecore-winrt-storage_31bf3856ad364e35_10.0.19041.264_none_c21173097c295ccc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-netapi_31bf3856ad364e35_10.0.19041.546_none_1e9fba3daf5ad632\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-wpt-addins-perfnt_31bf3856ad364e35_10.0.19041.746_none_101eb3611cbe97d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-m..imedia-broadcastdvr_31bf3856ad364e35_10.0.19041.746_none_6d6bda420a63ee68\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\INF\ESENT\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_83a3e6a16c623455\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..-system-userprofile_31bf3856ad364e35_10.0.19041.153_none_8e6b702160866b97\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.19041.84_none_42927ae06bc1dce9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..entsbroker-bmpolicy_31bf3856ad364e35_10.0.19041.746_none_a0c91ba2b0abd9a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\Globalization\Sorting\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\5 - Task Manager.lnk | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..nlevelmanifests-com_31bf3856ad364e35_10.0.19041.746_none_64c0ff19143d9b14\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation-mfsvr_31bf3856ad364e35_10.0.19041.153_none_9ca88f0919de3053\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\refresh.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_dual_netnwifi.inf_31bf3856ad364e35_10.0.19041.1_none_74c765eb95b989e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\EN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\SystemResources\Windows.Foundation.Diagnostics.ErrorDetails\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_dual_c_fsinfrastructure.inf_31bf3856ad364e35_10.0.19041.1_none_7542c5a4cc2560a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..settingsenvironment_31bf3856ad364e35_10.0.19041.1266_none_00391982e430c025\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.546_none_98ea17fb77c6ab43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..i-prnfldr.resources_31bf3856ad364e35_10.0.19041.1_en-us_e2430f68c3f70a57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\IME\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\RequestedDownloadsCloudIcon.contrast-white_scale-125.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.19041.1023_none_228521f0037fd996\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobeprovisioningentry-main.html | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-f..mutilityrefslibrary_31bf3856ad364e35_10.0.19041.1_none_b1e9e2c3ee743677\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..rd-tpm-vcard-module_31bf3856ad364e35_10.0.19041.746_none_ffbf979d8a575954\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\SquareLogo310x310.scale-100.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-a..extservice.appxmain_31bf3856ad364e35_10.0.19041.423_none_2cade1bc915dca0d\Square44x44Logo.png | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
-
Modifies registry class 10 IoCs
Processes:
c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.157953 | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.157953\ = "BUJYFGNMEYMSLBG" | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\ = "CRYPTED!" | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe,0" | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe" | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe
"C:\Users\Admin\AppData\Local\Temp\c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:1848