Analysis
max time kernel: 163s
max time network: 164s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-11-2022 17:22
Behavioral task: behavioral1
Sample: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Resource: win10v2004-20221111-en
General
Target: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Size: 39KB
MD5: 1222ed64e9e26f248791d66485906363
SHA1: c65e557698063038ede9ac2c20fa08deb5a86fa3
SHA256: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c
SHA512: 8a29c1bd848414c84b882c899c81fab6d4e02f36f7a3c17d5c5c189a1d1fa8187fd4a6751584af85ad04c7c7fe161b7aac4b1527c7248cfbb7b0066d8155724d
SSDEEP: 384:1ebFNw4Pk1itKkpAjjalrhVl8MqYvjSo1OkDCgSrN1w+MB:10FmBkpKjWQPY7fDCbNin
Malware Config
Signatures

Detected Xorist Ransomware (2 IoCs)
Processes:
resource | yara_rule
behavioral2/memory/3616-132-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3616-133-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.

Processes:
resource | yara_rule
behavioral2/memory/3616-132-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3616-133-0x0000000000400000-0x000000000040C000-memory.dmp | upx
Drops startup file (1 IoC)
Processes: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Drops file in Program Files directory (64 IoCs)
Processes: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
description | ioc | process
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleAppStoreLogo.scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg7.jpg | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-lightunplated.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_animation.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\SmartSelect\Magic_Select_crop_handles.mp4 | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\WideTile.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-black_scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-400_contrast-black.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-unplated_contrast-black.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-24_altform-unplated.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\SmallTile.scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_AppList.scale-125.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteLargeTile.scale-150.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-400.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Thickness.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.513.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GooglePromoTile.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\win_x64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.scale-125.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\MedTile.scale-125.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-400_contrast-black.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-100_contrast-white.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-96_altform-unplated.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-80_altform-unplated.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupWideTile.scale-100.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare150x150Logo.scale-200.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\30.jpg | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-250.png | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Drops file in Windows directory (64 IoCs)
Processes: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
description | ioc | process
File created | C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework.Resources\v4.0_10.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Jscript.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Utility.Activities.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\System.Drawing.Design.Resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Boot\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Globalization\ELS\Transliteration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\SMDiagnostics.Resources\3.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\napinit.resources\v4.0_10.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\System.Web.Routing.Resources\3.5.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Boot\EFI\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pad0e0718#\4c01b83715593dfea330357f18075ea2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\System.Management.Resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Boot\EFI\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Windows\Media\Windows Background.wav | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Ping\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.Resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Dtc.PowerShell.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P9de5a786#\7b5c5e18f54175c9d821602aea803caa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.PowerPoint\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.Resources\2.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Globalization\ELS\SpellDictionaries\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\diagnostics\system\Search\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\IME\IMEJP\help\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\v4.0_10.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.Vectors.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Activities.Resources\v4.0_3.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero2\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
File created | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Modifies registry class (10 IoCs)
Processes: 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe" | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu\ = "GNWKXAYEWMCZSYC" | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe,0" | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\ = "CRYPTED!" | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Processes
C:\Users\Admin\AppData\Local\Temp\52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c.exe"
- Drops startup file
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID: 3616