Analysis
max time kernel
114s
max time network
36s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted
20-11-2022 04:19
Behavioral task
behavioral1
Sample
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Resource
win10v2004-20221111-en
General
Target
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Size
7KB
MD5
33755784b9128aabea98a2d4f0bebb86
SHA1
4e327c4deae1ca7199408dd3e33ee7feb692b6b0
SHA256
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a
SHA512
1eecab22c39d01d57026136a398dc3f8369c0830821de6aa95b60ade277f91079f5fc0bcd2f589f8c2e362a4803108ea388d1e5ab190a359d0ae1caf1273bd4b
SSDEEP
192:gzdrr1FG1WDCgmjPZpO3GQ3aVAzMeisDUA:gprr1gkDCgSBQ39zMvsDB
Malware Config
Signatures
-
Detected Xorist Ransomware 3 IoCs
Processes:
resource yara_rule
behavioral1/memory/1684-55-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1684-56-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
behavioral1/memory/1684-57-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist
Xorist Ransomware
Xorist is a commodity ransomware family produced by a point-and-click builder and has circulated since well before 2020; Emsisoft published a free decryptor for it in 2016. The builder lets the operator pick the cipher (TEA or a simple XOR), the extension appended to encrypted files, and the text and filename of the ransom note, and the key is embedded in the binary rather than negotiated with a server, which is why a decryptor is feasible: preserve the binary, the note and a few encrypted files for it. The encryptor writes the note into every directory it walks, which is what the long File created lists below record. In this report the note is named ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt: that is the Windows-1251 string КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt ("HOW TO DECRYPT FILES.txt") as rendered through the en-US VM's Windows-1252 ANSI code page, so the name that lands on disk depends on the victim's system code page, and a filename-based detection has to match both spellings.
-
Drops file in Drivers directory 7 IoCs
Processes:
Process: 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
All 7 entries are "File created" events for the ransom note ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt; one directory per line:
C:\Windows\SysWOW64\drivers\ja-JP\
C:\Windows\SysWOW64\drivers\de-DE\
C:\Windows\SysWOW64\drivers\en-US\
C:\Windows\SysWOW64\drivers\es-ES\
C:\Windows\SysWOW64\drivers\fr-FR\
C:\Windows\SysWOW64\drivers\
C:\Windows\SysWOW64\drivers\it-IT\
UPX packed file 3 IoCs
Processes:
resource yara_rule
behavioral1/memory/1684-55-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1684-56-0x0000000000400000-0x000000000040C000-memory.dmp upx
behavioral1/memory/1684-57-0x0000000000400000-0x000000000040C000-memory.dmp upx
All three dumps cover the same 48 KB image range (0x400000-0x40C000) of process 1684, captured at successive points in the run. The 7 KB file on disk is UPX-packed and UPX unpacks in place, so the upx rule is typically matching the packer's section headers that stay mapped with the image, while the family_xorist rule above is matching the code UPX has already unpacked into that same region. A file-based scan of the sample on disk can therefore miss the family; scan memory, or unpack first (upx -d, if the packer stub is unmodified).
Drops startup file 1 IoCs
Processes:
Process: 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
Reads user/profile data of web browsers 2 TTPs
This signature fires when a process reads files under browser profile directories; the sandbox's generic note is that infostealers target stored browser data such as saved credentials. Here it lists no browser-specific IoCs, and the most likely trigger is the encryptor walking every directory under the user profile, so treat it as confirmation of a full profile sweep rather than as evidence of credential theft.
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
Process: 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe"
The Wow6432Node path shows a 32-bit process writing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run through WOW64 registry redirection on the x64 VM; on a 32-bit host the same write lands in the unredirected key, so hunt both views. The value points at an executable under the user's Temp directory rather than at the sample's original path; the entries visible in this report do not show that file being written, so confirm it on the host when scoping. Both the value name and the Temp file name may well vary between builds, so do not hunt on them alone.
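The persistence row above, worked as an added triage example (not Tria.ge code): it parses "Set value" rows in the report's print format, turns the NT-style \REGISTRY\MACHINE path into a reg.exe-style key, undoes the doubled backslashes the report prints inside REG_SZ data, and flags autorun values whose target sits in a user-writable staging directory. The STAGING_DIRS list is an assumed heuristic, and the two control rows are constructed, not taken from the report.

```python
"""Triage of the Run-key persistence row in this report (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Row as printed in the report: Set value (<type>) <key\valuename> = "<data>" [<process>]
SET_VALUE_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<path>.+?) = "(?P<data>.*)"(?: (?P<process>\S+))?$'
)
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
HIVES = {"\\REGISTRY\\MACHINE": "HKLM", "\\REGISTRY\\USER": "HKU"}

# Locations a legitimate installer rarely points an autorun at (assumed heuristic).
STAGING_DIRS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\",
    "\\programdata\\", "\\windows\\temp\\",
)


@dataclass
class RunKeyFinding:
    hive: str
    key: str                 # reg.exe-style key, e.g. HKLM\SOFTWARE\...\Run
    value_name: str
    target: str              # REG_SZ data with the report's doubled backslashes undone
    process: Optional[str]
    wow64_redirected: bool   # written via Wow6432Node, i.e. a 32-bit writer on x64
    staged_in_user_dir: bool


def parse_set_value(row: str) -> Optional[RunKeyFinding]:
    """Return a finding for an autorun value row, None for anything else."""
    m = SET_VALUE_RE.match(row.strip())
    if not m:
        return None
    key, _, value_name = m["path"].rpartition("\\")
    if not AUTORUN_KEY_RE.search(key):
        return None
    hive = "?"
    for nt_prefix, short in HIVES.items():
        if key.upper().startswith(nt_prefix):
            hive, key = short, short + key[len(nt_prefix):]
            break
    target = m["data"].replace("\\\\", "\\")   # the report prints \ as \\ inside REG_SZ data
    return RunKeyFinding(
        hive=hive, key=key, value_name=value_name, target=target,
        process=m["process"],
        wow64_redirected="\\wow6432node\\" in key.lower(),
        staged_in_user_dir=any(d in target.lower() for d in STAGING_DIRS),
    )


def triage_run_keys(rows) -> List[RunKeyFinding]:
    return [f for f in map(parse_set_value, rows) if f is not None]


def reg_query_command(f: RunKeyFinding) -> str:
    """reg.exe command to confirm the value on a suspect host."""
    return f'reg query "{f.key}" /v {f.value_name}'


REPORT_ROWS = [
    # Verbatim from this report
    'Set value (str) \\REGISTRY\\MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Alcmeter'
    ' = "C:\\\\Users\\\\Admin\\\\AppData\\\\Local\\\\Temp\\\\mB3Tew2BDFbEH1s.exe"'
    ' 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe',
    # Constructed benign control: a vendor tool under Program Files, no WOW64 redirection
    'Set value (str) \\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VMwareTray'
    ' = "C:\\\\Program Files\\\\VMware\\\\VMware Tools\\\\vmtoolsd.exe" explorer.exe',
    # Constructed non-autorun row, which the parser must ignore
    'Set value (str) \\REGISTRY\\USER\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden'
    ' = "1" explorer.exe',
]

if __name__ == "__main__":
    for f in triage_run_keys(REPORT_ROWS):
        flag = "SUSPICIOUS" if f.staged_in_user_dir else "ok"
        print(f"{flag:10} {f.key}\\{f.value_name} -> {f.target}  (wow64={f.wow64_redirected})")
        print("           verify: " + reg_query_command(f))
```

On a 64-bit host the printed reg query command reads the redirected key directly; on a 32-bit host drop Wow6432Node from the path, since the same write lands in the unredirected Run key there.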
Drops file in System32 directory 64 IoCs
Processes:
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exedescription ioc process File created C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_neutral_2b583ce4a6a029a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\nv_lh.inf_amd64_neutral_bc69f20e3115af59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\migwiz\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\avmx64c.inf_amd64_neutral_8ebb15bf548db022\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_neutral_49212f5920298e45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc00b.inf_amd64_neutral_3338d41663aad5fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\wialx006.inf_amd64_neutral_ae607a72b46f9cfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created 
C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_neutral_41c6262952846788\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\de-DE\Licenses\eval\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\arc.inf_amd64_neutral_11b52dec8e94d9aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\msdv.inf_amd64_neutral_571f87a277565224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00a.inf_amd64_neutral_92a4c727cdf4c2f7\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx002.inf_amd64_neutral_12563574abbc36eb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\cxfalcon_ibv64.inf_amd64_neutral_d065aec3fcf4ec4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_neutral_82f4c743c8996d67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\en-US\Licenses\eval\StarterN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx00w.inf_amd64_neutral_d4c93bb2fbf75723\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\adp94xx.inf_amd64_neutral_4928c8870f6a1577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx005.inf_amd64_neutral_f65eeb9bff6bd8f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created 
C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_neutral_857ff0fa9c73850a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00x.inf_amd64_neutral_eb0842aa932d01ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_amd64_neutral_d2425e60845d17d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc5.inf_amd64_neutral_2270382453de2dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnkm002.inf_amd64_neutral_7c42808e24ebff99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnlx007.inf_amd64_neutral_0b796ee4978458e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnrc002.inf_amd64_neutral_fdb6f2e252435905\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_neutral_0cf7696e2236ca4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_neutral_714bc6a3a28b9f0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\ph3xibc1.inf_amd64_neutral_662220c3016bb4d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\es-ES\Licenses\_Default\Ultimate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Starter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\EnterpriseN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_neutral_1292ec506cfc26db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\netvg62a.inf_amd64_neutral_5817ae5135655364\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnky006.inf_amd64_neutral_522043c34551b0c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\Setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created 
C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_neutral_fa693d8797766f49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_neutral_988a34fc912eab54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnnr004.inf_amd64_neutral_3319ff2548f89fd8\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_neutral_256ad642985694b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_neutral_ed1f16b3d0cae908\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_neutral_adc3e4acb1046b4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created 
C:\Windows\SysWOW64\migwiz\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe -
Drops file in Program Files directory 64 IoCs
Processes:
Process: 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
All 64 entries are "File created" events for the ransom note ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt; one directory per line:
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\
C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\
C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\
C:\Program Files\Java\jre7\lib\zi\Etc\
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\
C:\Program Files (x86)\Windows Media Player\fr-FR\
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\
C:\Program Files\Java\jre7\lib\zi\Antarctica\
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\
C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\
C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\
C:\Program Files\VideoLAN\VLC\plugins\video_output\
C:\Program Files\Windows Journal\es-ES\
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\
C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\
C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\
C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\
C:\Program Files\Common Files\Microsoft Shared\MSInfo\
C:\Program Files\Common Files\System\Ole DB\
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\
C:\Program Files\Microsoft Games\Solitaire\ja-JP\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\
C:\Program Files (x86)\Common Files\System\de-DE\
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\
C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\
C:\Program Files\VideoLAN\VLC\plugins\codec\
C:\Program Files\Windows Photo Viewer\ja-JP\
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
C:\Program Files\VideoLAN\VLC\
C:\Program Files\Microsoft Games\Purble Place\de-DE\
C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\
C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\
C:\Program Files (x86)\Windows Sidebar\it-IT\
C:\Program Files\Java\jre7\bin\server\
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\
Drops file in Windows directory 64 IoCs
Processes:
Process: 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
All entries are "File created" events for the ransom note ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt; one directory per line (the page shows 44 of the 64 entries and is cut off after the last one):
C:\Windows\winsxs\amd64_microsoft-windows-scheduleui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2e13a6d8da3c0da7\
C:\Windows\winsxs\x86_microsoft-windows-icacls.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f56dd33ae8ef7fcc\
C:\Windows\winsxs\x86_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b92ec684182aafa9\
C:\Windows\winsxs\amd64_microsoft-windows-e..-ehkorime.resources_31bf3856ad364e35_6.1.7600.16385_it-it_bca064373fa21fe6\
C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehvid.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b3eedbac1eff49bb\
C:\Windows\winsxs\x86_microsoft-windows-n..n-shvhost.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5aa71d84c72a7424\
C:\Windows\winsxs\amd64_microsoft-windows-rasmprddm_31bf3856ad364e35_6.1.7601.17514_none_f73c5693e437d5d7\
C:\Windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_44140bfbc11e0b1c\
C:\Windows\winsxs\amd64_microsoft-windows-m..providers.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b7ef41a9e894cfd7\
C:\Windows\winsxs\x86_microsoft-windows-wmadmoe_31bf3856ad364e35_6.1.7600.16385_none_8696c88e7f02ab7b\
C:\Windows\winsxs\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_6.1.7600.16385_it-it_61afaab505acefba\
C:\Windows\winsxs\x86_microsoft-windows-shlwapi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aab4f8cb967e96d9\
C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_de_b77a5c561934e089\
C:\Windows\winsxs\amd64_microsoft-windows-audio-dmusic.resources_31bf3856ad364e35_6.1.7600.16385_it-it_bec341e40d6de22d\
C:\Windows\winsxs\amd64_mdmbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b33283e011283685\
C:\Windows\winsxs\x86_microsoft-windows-s..guration-engine-mof_31bf3856ad364e35_6.1.7600.16385_none_48090d13e092c7a4\
C:\Windows\winsxs\x86_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f07dc9069aae7249\
C:\Windows\winsxs\x86_microsoft-windows-deskperf_31bf3856ad364e35_6.1.7600.16385_none_c47c2c259032210f\
C:\Windows\winsxs\x86_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_73122acb3d9fdd1e\
C:\Windows\winsxs\amd64_memory.inf_31bf3856ad364e35_6.1.7600.16385_none_a950e2de512b35ad\
C:\Windows\winsxs\amd64_microsoft-windows-t..tcpip-pro.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9eff732a4b9ce52f\
C:\Windows\winsxs\amd64_microsoft-windows-help-basics.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_cdcce4a91feaac13\
C:\Windows\winsxs\amd64_microsoft-windows-i..atson-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_78da2230f6594d1a\
C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7601.17514_es-es_845b441e1a006240\
C:\Windows\winsxs\amd64_microsoft-windows-atl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9d725bf10fb60d12\
C:\Windows\winsxs\amd64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_5cbb962a4f0d58c1\
C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00030409_31bf3856ad364e35_6.1.7600.16385_none_301e1b7d53543c14\
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e89ba9cb6f9dcbc3\
C:\Windows\winsxs\amd64_microsoft-windows-g..in-gpedit.resources_31bf3856ad364e35_6.1.7600.16385_es-es_60eecb3224301366\
C:\Windows\winsxs\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d02acaa3e17e4bae\
C:\Windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.16428_en-us_a8c31ce244dce37e\
C:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1a565c5f08cd73a9\
C:\Windows\winsxs\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_f288429e00a7242d\
C:\Windows\winsxs\wow64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fcb33d1355a9fa2b\
C:\Windows\winsxs\x86_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_6.1.7600.16385_it-it_86558b2879657e41\
C:\Windows\winsxs\amd64_microsoft-windows-help-mobile.resources_31bf3856ad364e35_6.1.7600.16385_es-es_50534a5d13cbbc05\
C:\Windows\winsxs\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_fc675397c4309dd0\
C:\Windows\winsxs\amd64_microsoft-windows-ribbons_31bf3856ad364e35_6.1.7601.17514_none_e6dae9713e9b7588\
C:\Windows\winsxs\msil_comsvcconfig.resources_b03f5f7f11d50a3a_6.1.7601.17514_ja-jp_2a37215727b5d00e\
C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e8c314b68736a191\
C:\Windows\winsxs\x86_microsoft-windows-waitfor_31bf3856ad364e35_6.1.7600.16385_none_b63c0c04dc872e59\
C:\Windows\winsxs\amd64_bthpan.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5c372a740d734f88\
C:\Windows\winsxs\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_6.1.7601.17514_none_13d71710bc471de6\
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..river-wmi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5ee7ee74b3bf8e99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\x86_microsoft-windows-vssproxystub_31bf3856ad364e35_6.1.7600.16385_none_3092767d8b44f463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_hpsamd.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5f1ec5ac3991088c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_prngt002.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4060ca3886538c9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_prnhp002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_611d6748a544306f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.1.7601.17514_none_41230ef33088513e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_brmfcsto.inf_31bf3856ad364e35_6.1.7600.16385_none_7fe64f7a6167bcf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_4b57445488ba33fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File 
created C:\Windows\winsxs\wow64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_it-it_291eee26c5177af0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_fc02e5c66519f4f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\msil_system.directoryser..anagement.resources_b77a5c561934e089_6.1.7600.16385_it-it_3b8b80c97a58ed2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..n-support.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a2e0a108fb1d9acc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-864_31bf3856ad364e35_6.1.7600.16385_none_2addd390b4e226f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c65f31d113437677\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_it-it_a242b1f371a03af9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\x86_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2507f83c52d906be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_it-it_227e33fb04382aa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_6.1.7601.17514_it-it_86c39fbf09034103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe File created C:\Windows\winsxs\msil_system.data.oracleclient.resources_b77a5c561934e089_6.1.7601.17514_fr-fr_6082fa73b98dca5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe -
Modifies registry class 10 IoCs
Processes:
05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
description ioc process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\ = "CRYPTED!" 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\DefaultIcon 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open\command 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe" 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MQISXQQKMIDJKVK" 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe,0" 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe
"C:\Users\Admin\AppData\Local\Temp\05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:1684