Analysis

max time kernel: 153s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-11-2022 04:32
Behavioral task: behavioral1
  Sample: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  Resource: win10v2004-20220812-en
General

Target: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
Size: 7KB
MD5: 0e2b1f1c0abb115f4514a05212a20233
SHA1: afe35725bb3e6dfaff5db8335d017ebafecb94f3
SHA256: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2
SHA512: 3f840cb63c67cd1a14c2376438420e70531e85c26021b9315910c4f409a7ac8bafb7b54b36b2a6d9c63e8e1e65922637e3319cdddf2fd33209e4c644dafd1b0b
SSDEEP: 192:zzdrr1FG1WDCgmjPZvoAYmpiE/5eb2MUA:zprr1gkDCgSlVXeiMB
Malware Config
Signatures
Detected Xorist Ransomware (2 IoCs)
  resource (yara_rule):
  - behavioral2/memory/1436-132-0x0000000000400000-0x000000000040C000-memory.dmp (yara_rule: family_xorist)
  - behavioral2/memory/1436-133-0x0000000000400000-0x000000000040C000-memory.dmp (yara_rule: family_xorist)
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
Modifies extensions of user files (1 IoCs)
Ransomware generally changes the extension on encrypted files.
  Process: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  - File renamed: C:\Users\Admin\Pictures\PushResume.png => C:\Users\Admin\Pictures\PushResume.png.EnCiPhErEd
UPX packed file (2 IoCs)
  resource (yara_rule):
  - behavioral2/memory/1436-132-0x0000000000400000-0x000000000040C000-memory.dmp (yara_rule: upx)
  - behavioral2/memory/1436-133-0x0000000000400000-0x000000000040C000-memory.dmp (yara_rule: upx)
Drops startup file (1 IoCs)
  Process: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  - File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 2 IoCs)
  Process: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  - Key created: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe"
Drops file in Program Files directory (64 IoCs)
  Process: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-250.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\SwipeTeachingCalloutImage.layoutdir-RTL.gif
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-24_altform-unplated_contrast-white.png
  - File created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\VideoLAN\VLC\THANKS.txt
  - File created: C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-100_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png
  - File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Program Files\Java\jdk1.8.0_66\db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-80_altform-unplated_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-16.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-200.png
  - File opened for modification: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\THMBNAIL.PNG
  - File opened for modification: C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Movie-TVStoreLogo.scale-125_contrast-black.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_altform-unplated_contrast-black.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_BillPay.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreMedTile.scale-200.png
  - File created: C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_altform-unplated_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-125.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteWideTile.scale-125.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-400.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-24.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xecd2.png
  - File created: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-light\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\1.jpg
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailSmallTile.scale-400.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-256_altform-lightunplated.png
  - File created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\THMBNAIL.PNG
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlFrontIndicatorHover.png
  - File opened for modification: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf
  - File created: C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookPromoTile.scale-200.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-100.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png
  - File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Program Files (x86)\Internet Explorer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-150.png
  - File opened for modification: C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\MedTile.scale-125.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-60_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-64_altform-unplated.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-64_altform-unplated_contrast-black.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.scale-100.png
  - File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Program Files\VideoLAN\VLC\plugins\d3d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-400.png
  - File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-400_contrast-black.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png
  - File opened for modification: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-60_altform-unplated.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsLargeTile.scale-100.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-24_altform-lightunplated.png
  - File opened for modification: C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-125_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-400_contrast-white.png
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\AchievementUnlocked.mp3
  - File opened for modification: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\iheart-radio.scale-100.png
Drops file in Windows directory (64 IoCs)
  Process: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.DSC.CoreConfProviders\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client.Resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\diagnostics\system\Power\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\IdentityCRL\production\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\ImmersiveControlPanel\images\TileSmall.contrast-white_scale-400.png
  - File created: C:\Windows\INF\.NET CLR Networking 4.0.0.0\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\INF\Windows Workflow Foundation 3.0.0.0\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Excel\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Boot\EFI\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.Resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\diagnostics\system\Bluetooth\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Logs\MoSetup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration.Resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\INF\.NET Data Provider for Oracle\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\v4.0_1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Xml.Resources\2.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\ImmersiveControlPanel\images\splashscreen.contrast-black_scale-150.png
  - File opened for modification: C:\Windows\ImmersiveControlPanel\images\splashscreen.contrast-black_scale-200.png
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.NonGeneric\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.EventBasedAsync\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.Resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Downloaded Program Files\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-black.png
  - File created: C:\Windows\INF\.NET CLR Networking\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.Resources\2.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\INF\PERFLIB\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\INF\ServiceModelOperation 3.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.Dtc.Resources\3.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtc259d85b#\dc7f8f85008d65427e8e7bdea3086027\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\Media\Ring06.wav
  - File created: C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W708fc392#\09b91f03d16fc39bc49c0ed85b6903a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\065c68c5df73d6d3fe1af0c906703dcf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\diagnostics\system\Apps\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1257.TXT
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AddInUtil.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CertificateServices.PKIClient.Cmdlets.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Messaging.Resources\2.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\diagnostics\system\DeviceCenter\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\diagnostics\system\IESecurity\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\INF\ServiceModelService 3.0.0.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\Media\Speech Off.wav
  - File created: C:\Windows\Boot\EFI\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Boot\EFI\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\INF\TermService\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File created: C:\Windows\Boot\EFI\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
  - File opened for modification: C:\Windows\ImmersiveControlPanel\images\TinyTile.scale-100.png
Modifies registry class (10 IoCs)
  Process: 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\ = "CRYPTED!"
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe,0"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe"
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZCLMZNJFALTDUHQ"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ
Processes

C:\Users\Admin\AppData\Local\Temp\46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2.exe"
  PID: 1436
  - Modifies extensions of user files
  - Drops startup file
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies registry class