7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4

General

Target

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
Size

31KB
MD5

35974bffb685ec30a23e6cd55f1d5fda
SHA1

e1ea58b98656795a3bdac8473a2479928061fd1a
SHA256

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4
SHA512

08aa1c8c2dd54c044a6abe2b0fb02f3d210b55453f26f388a410c7cc45df853bc303af02c2849fd89fef47b7c784e20d97a1b3e702e582ed93142472bbcc3f76
SSDEEP

768:biliAnUQYkYKzqbjC5RqHjrYReyZx+l0oKriCPRDL:MSsz6jGeyZx+l0TR

Score

9^/10

persistence spyware stealer

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Windows\userconfig9x.dll	acprotect

Loads dropped DLL 1 IoCs

Processes:

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

pid process

4020 7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
4020	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Norton Antivirus AV = "C:\\Windows\\FVProtect.exe"	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

Drops file in System32 directory 64 IoCs

Processes:

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

description	ioc	process
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\1001 Sex and more.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Harry Potter all e.book.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Windows XP crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Ulead Keygen 2004.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Win Longhorn re.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem full album.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Harry Potter game.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Adobe Premiere 10.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears fuck.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Kazaa Lite 4.0 new.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Ringtones.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Matrix.mpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem blowjob.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Dictionary English 2004 - France.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\3D Studio Max 6 3dsmax.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Windows 2000 Sourcecode.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Harry Potter.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Microsoft WinXP Crack full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Opera 11.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Harry Potter all e.book.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Keygen 4 all new.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Adobe Photoshop 10 crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\The Sims 4 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears cumshot.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem Song text archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Adobe Premiere 10.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\How to hack new.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears Sexy archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\WinXP eBook newest.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Smashing the stack full.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\netsky source code.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Magix Video Deluxe 5 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Smashing the stack full.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Porno Screensaver britney.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Screensaver2.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\E-Book Archive2.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Gimp 1.8 Full with Key.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Lightwave 9 Update.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\American Idol.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\E-Book Archive2.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Norton Antivirus 2005 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Harry Potter 1-6 book.txt.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Cracks & Warez Archiv.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Partitionsmagic 10 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Ringtones.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Win Longhorn re.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears blowjob.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney sex xxx.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Harry Potter e book.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Adobe Photoshop 10 crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\American Idol.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Windows XP crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\MS Service Pack 6.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\1001 Sex and more.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Internet Explorer 9 setup.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Eminem Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Opera 11.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File opened for modification	\??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\webdownloadmanager\Britney Spears blowjob.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

Drops file in Program Files directory 64 IoCs

Processes:

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

description	ioc	process
File created	\??\c:\program files\microsoft office\updates\download\The Sims 4 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\{8a69d345-d564-463c-aff1-a69d9e530f96}\89.0.4389.114\Best Matrix Screensaver new.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\Full album all.mp3.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\meta-inf\Britney Spears fuck.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\meta-inf\RFC compilation.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\Britney Spears fuck.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\dialogs\Harry Potter 1-6 book.txt.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\Adobe Premiere 10.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\The Sims 4 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\dialogs\Kazaa new.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\1.3.165.21\Harry Potter all e.book.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\Doom 3 release 2.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\Visual Studio Net Crack all.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\Best Matrix Screensaver new.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\dialogs\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\DivX 8.0 final.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\WinAmp 13 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\dialogs\Cloning.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\Britney Spears blowjob.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\Win Longhorn re.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\microsoft.analysisservices.spclient.interfaces\13.0.0.0__89845dcd8080cc91\Britney Spears and Eminem porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\requests\Internet Explorer 9 setup.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\{8a69d345-d564-463c-aff1-a69d9e530f96}\89.0.4389.114\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\{8a69d345-d564-463c-aff1-a69d9e530f96}\Smashing the stack full.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\Arnold Schwarzenegger.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\microsoft.analysisservices.spclient.interfaces\Adobe Photoshop 10 crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\Microsoft Office 2003 Crack best.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\{8a69d345-d564-463c-aff1-a69d9e530f96}\89.0.4389.114\Internet Explorer 9 setup.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\css\Doom 3 release 2.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\js\MS Service Pack 6.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\{8a69d345-d564-463c-aff1-a69d9e530f96}\Kazaa Lite 4.0 new.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\Britney Spears blowjob.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\Win Longhorn re.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\Partitionsmagic 10 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\Harry Potter 1-6 book.txt.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\Britney Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\images\Adobe Premiere 10.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\Ulead Keygen 2004.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\Teen Porn 15.jpg.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\How to hack new.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\images\Dark Angels new.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\Serials edition.txt.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\Altkins Diet.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\Eminem.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\Britney Spears cumshot.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\XXX hardcore pics.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\css\Cracks & Warez Archiv.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\images\Eminem sex xxx.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\microsoft.analysisservices.spclient.interfaces\13.0.0.0__89845dcd8080cc91\Cloning.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\microsoft.analysisservices.spclient.interfaces\13.0.0.0__89845dcd8080cc91\Ahead Nero 8.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\Partitionsmagic 10 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\js\Harry Potter all e.book.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\{8a69d345-d564-463c-aff1-a69d9e530f96}\Opera 11.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\google\update\download\netsky source code.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files (x86)\microsoft\edgeupdate_bk\download\{f3c4fe00-efd5-403b-9569-398a20f1ba4a}\Dark Angels new.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\Eminem full album.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\DivX 8.0 final.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\dialogs\Clone DVD 6.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\videolan\vlc\lua\http\dialogs\Lightwave 9 Update.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\microsoft.analysisservices.spclient.interfaces\American Idol.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\program files\microsoft office\updates\download\packagefiles\e3689e5e-425c-46dc-95fc-e48f726723de\root\vfs\windows\assembly\gac_msil\WinXP eBook newest.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

Drops file in Windows directory 64 IoCs

Processes:

7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

description	ioc	process
File created	\??\c:\windows\downloaded program files\Opera 11.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\Eminem sex xxx.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\assembly\nativeimages_v4.0.30319_64\system.net.http\82c3e57819b51d2f1356fb07c91dc768\RFC compilation.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Kazaa new.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\Dark Angels new.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\serviceprofiles\networkservice\downloads\WinXP eBook newest.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\softwaredistribution\download\Microsoft WinXP Crack full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\Win Longhorn re.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\Eminem Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\Britney Spears.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.servicemodel.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\Ringtones.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\Britney Spears and Eminem porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.rtc\Windows 2000 Sourcecode.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\Britney Spears.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\softwaredistribution\download\Britney Spears Song text archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\softwaredistribution\download\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\downloaded program files\Full album all.mp3.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\Windows XP crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\Visual Studio Net Crack all.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\Eminem Poster.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\Adobe Photoshop 10 crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\servicestate\winhttpautoproxysvc\data\Best Matrix Screensaver new.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\servicestate\winhttpautoproxysvc\Screensaver2.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\softwaredistribution\download\sharedfilecache\Partitionsmagic 10 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\assembly\nativeimages_v4.0.30319_64\system.net.http\Windows 2003 crack.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Britney Spears.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\Windows 2000 Sourcecode.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\How to hack new.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\Best Matrix Screensaver new.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.servicemodel.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\Eminem Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\serviceprofiles\networkservice\downloads\3D Studio Max 6 3dsmax.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\servicestate\winhttpautoproxysvc\Adobe Photoshop 10 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\Smashing the stack full.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Screensaver2.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Eminem Song text archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\1001 Sex and more.rtf.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.servicemodel.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\MS Service Pack 6.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\downloaded program files\Norton Antivirus 2005 beta.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\assembly\nativeimages_v4.0.30319_64\system.net.http\82c3e57819b51d2f1356fb07c91dc768\Ulead Keygen 2004.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest\v4.0_4.0.0.0__b03f5f7f11d50a3a\Britney Spears Sexy archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\serviceprofiles\localservice\downloads\Cracks & Warez Archiv.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\softwaredistribution\download\netsky source code.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\assembly\nativeimages_v4.0.30319_64\system.net.http\82c3e57819b51d2f1356fb07c91dc768\Teen Porn 15.jpg.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest\Arnold Schwarzenegger.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\Full album all.mp3.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.servicemodel.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\netsky source code.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\servicestate\winhttpautoproxysvc\Britney Spears Sexy archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest\v4.0_4.0.0.0__b03f5f7f11d50a3a\Britney Spears.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.rtc\Britney Spears.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\servicestate\winhttpautoproxysvc\Windows 2000 Sourcecode.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\assembly\nativeimages_v4.0.30319_32\system.net.http\Harry Potter.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http\Best Matrix Screensaver new.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\Matrix.mpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\WinAmp 13 full.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.servicemodel.http\RFC compilation.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\softwaredistribution\download\sharedfilecache\Eminem Sexy archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\assembly\nativeimages_v4.0.30319_32\system.net.http\981b8642758ae60742542a145db9e64b\Eminem Spears porn.jpg.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.servicemodel.http\v4.0_4.0.0.0__b03f5f7f11d50a3a\Harry Potter e book.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\Eminem Sexy archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\Eminem Song text archive.doc.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.webrequest.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\Britney Spears.mp3.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\serviceprofiles\networkservice\downloads\Dark Angels new.pif	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.http.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\Best Matrix Screensaver new.scr	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
File created	\??\c:\windows\downloaded program files\Harry Potter game.exe	7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe

C:\Users\Admin\AppData\Local\Temp\7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe
"C:\Users\Admin\AppData\Local\Temp\7c0675ab03c72efdae89b23f6ce1e8bd3972e0bea769be246baf2e86e24b26a4.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\userconfig9x.dll

Filesize
26KB

MD5
0a9ffa57d65083c92e0d3d69b00f2f0d

SHA1
ec88c8cf7b666e63cd800d869e56510e099b2943

SHA256
9bfaf2f0b53f87d1452d4c2aa75027ffb8e66aee1462c3d9eb7a6e55bcac55c8

SHA512
fa10ece8826badbbe1f572bfd9f4202b36dc499bca58a9d2e17ceb931b237f69867618fb2e7da732c5598cf24ad31008ebbf459380abbf071b849178eb193ae2

Download Submit
memory/4020-133-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/4020-134-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads