fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Size

732KB
MD5

579f0a2740ffc2304c75ebebe47c29a7
SHA1

424d6b1ac5ca3f45e794ed04e13280b3f32b8319
SHA256

fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869
SHA512

38777997a1a9f656bd422151a5e04817c8423a0be26490891adc462e1f05163e9204a6cfbe847312355ba1323ed78aad657b41af86fb4077dfc98f5246add64b
SSDEEP

3072:SNLJAjVd1nut+uV2mTVDjFwkWl176jZ1hCagdgvPW:SN6VdRQ/vqkg1gEagdgH

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (730) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qAxMr02XPSFEbd2.exe"	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\net1qx64.inf_amd64_neutral_85d10fa4c777b7be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\HomeBasicE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Special_Characters.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_preference_variables.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsh002.inf_amd64_neutral_42b7a64f45c7554c\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_remote_jobs.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_neutral_54f2470c084714e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\WCN\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_pssession_details.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\UltimateN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_neutral_86311fdf78a07678\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_neutral_be2f30f68f2a5567\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_Core_Commands.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Windows_PowerShell_2.0.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\about_Continue.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_neutral_232b95977cf6d84c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_neutral_24c807694f614911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_try_catch_finally.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_debuggers.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_neutral_c6a6811d3d827dba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_remote_jobs.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_Throw.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky308.inf_amd64_ja-jp_d90af802b607044a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wialx004.inf_amd64_neutral_0a3a62ae6ed43127\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Command_Syntax.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_History.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\EnterpriseE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\synth3dvsc.inf_amd64_neutral_bccbc5fb46a05558\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\StarterE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\HomePremium\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_neutral_3b741ca76444b9c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\UltimateE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adpu320.inf_amd64_neutral_4ea3d42a9839982a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00i.inf_amd64_neutral_09ff5ee0a0cf0233\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\HomePremiumN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\eval\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_parameters.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_neutral_a87289088ec2cdf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin004.inf_amd64_neutral_c8902ae660ab1360\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_FAQ.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00e.inf_amd64_neutral_651eeed98428be5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdvgwddm.inf_amd64_neutral_dd691eae66f3032d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnep00d.inf_amd64_neutral_dd61103f3a2743d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\readme.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Windows Journal\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24Images.jpg	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02412K.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341439.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382963.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145810.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABOFF.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099148.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RedistList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_lsi_fc.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_93484c228ce214db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_6.1.7600.16385_none_59590e92c817a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7f0b185800a159c3\default.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cttunesvr_31bf3856ad364e35_6.1.7600.16385_none_efd12d677fabca7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\inf\MSDTC Bridge 4.0.0.0\000A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_68408642f41ba602\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-cardgames_31bf3856ad364e35_6.1.7600.16385_none_9888c15ccd6f74c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4bdc81fb6ae8749d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_prnrc006.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c5e0d7c0608acbaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_server-help-chm.qos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85d6de8a36956b6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-msidntld.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e6395ad98d962be1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..rant-heap.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6785b3daf24750b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20871_31bf3856ad364e35_6.1.7600.16385_none_b0a7fb14fe47d6c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msdt.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ed629725306d9dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_nvraid.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_880d3ce75d345caa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_netfx-shfusion_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_2f34ae7288e22ae3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..n-comrepl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0532bd05b143bc04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_es-es_28d96ab499179381\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_8.0.7600.16385_it-it_57508d63e1484ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_5b9fee911dc04044\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-driverquery.resources_31bf3856ad364e35_6.1.7600.16385_es-es_58d29339dc26477b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-touch.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a7a5fe73e301dc88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sxs-store_31bf3856ad364e35_6.1.7600.16385_none_6b8c69e4b4869227\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-setup.resources_31bf3856ad364e35_11.2.9600.16428_en-us_d76622cf2d13e543\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-perf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8ef90797875d85fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7600.16385_none_ba5987585153b623\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ef8fad68f797468d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ca7ec133e2786d8f\about_CommonParameters.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_01c52cd042ca87ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..nput-core.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6d6ed421b29e86f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_510279f9c2c9e226\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..atson-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ae75c153af624664\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ow-gadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_710abec499095208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_locations.help.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1c236de0f7c0fc1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1111490cda1f48da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_prnlx00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c1f7ea5b1b054f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..ification.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5bc7385e4b267fa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_dafff0c26538f91f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-robocopy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b4a1152b51c216d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_dc373b8a3c1190f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File opened for modification	C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\settings.html	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-rdb.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_bb1cb4c71e2eee59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_de-de_5485638cfd4e1f24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..xperience.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2c4adadd87715dc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_047517c582f7fdf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_sbp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_9c3d7597197688f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-onex.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8b6885fb600e9ca0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-peertopeergraphing_31bf3856ad364e35_6.1.7600.16385_none_629930f84b121f7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_6.1.7601.17514_fi-fi_f61840f9bb3cd6a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e01b7a2cd2d75132\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..registrar.resources_31bf3856ad364e35_6.1.7600.16385_de-de_735d3c5f1c21fa26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Acti31fd6628#\b849edf8ff949a0ecc0d1ae81bbc431f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a8fb4bc7d136c51f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..cache-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a850c996e2a1a3d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7601.17514_none_b0d4b31078e74f85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-security-kerberos-mof_31bf3856ad364e35_6.1.7600.16385_none_49ca2fe0f3c6c151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_670f5fce8faa234a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.crypto	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\ = "CRYPTED!"	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\DefaultIcon	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qAxMr02XPSFEbd2.exe,0"	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qAxMr02XPSFEbd2.exe"	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.crypto\ = "WLBBZNKOEAWJDDA"	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell\open\command	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell\open	fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe

C:\Users\Admin\AppData\Local\Temp\fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe
"C:\Users\Admin\AppData\Local\Temp\fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
443B

MD5
ab1a8fac5478e77d2c9351652cac7288

SHA1
a7843a4af990fc4b4dfb484549258eef60037e22

SHA256
e6e856e12d2b572b2353642380b78c3a8d9333615a42034f1ab0121c976ca242

SHA512
25dbd2952db75f31df0b61541dff7e2f1d27b2760ce478c9cd27b971cdd05c1d2bf3d69fc9b1390ed20c3741c0e73cf90ce22e3606a2428d7cc3d02ef5a4a3c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
80d2ff49f4309770a5f8c9461e24d695

SHA1
87e84e1f2c6be1549687a007f5530cfd636d609b

SHA256
f16a1eed1bd146f539927ee574b94e22809bc3605bf4665b1ab5ec1390f08784

SHA512
ef8528921d949e59261b85c00f03a59bcc594ad02419af0027ee3beb479eee575fbe1b6430920aaba555dfbdd2da7878e106b53a36869cb419a4f8eab79bf933

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
6KB

MD5
a911850cbb237b7be4de5321256fd8ce

SHA1
c42a00e72998ba481c94117ebbf8a95369857d87

SHA256
eaf296a2982cda50d7846deb2b03797b2f18e40d725846374a1ab9fd8d8ca3f9

SHA512
b7085ca676e0dcda70b51a188d9e295aa5c855cb438e5d17741bff16c55526ac4419bde0e691637b95cefe0e27763679cbd7c2638a083e26c849e8df262cf49c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
8abb874324b67e4922212b160bdb0ef3

SHA1
218fba34b194219b3871eddd710a5d4c201c5c27

SHA256
137e7ac68d8bcdbd0296af7b2adb69b93b8c247b6a1391a6b3bf9b497eb45f18

SHA512
750039875cf9d9ace1df547ce389dc126ca0254e25cd2608537c2e53a9b1705a3f813c1fa8691e01937444678baee3b3d94f7554470cd192432da91be0d8e950

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
c689fed5ede59211de221838df180d3a

SHA1
f6fb55eaf9db0b9e39120e872077febefd069cbf

SHA256
a349af3c16deac06a7798271c29d5851f45f7619e08966acf555af6479bcaacb

SHA512
b0494ceb1d8740ed197000fd4c7ac6027375f06715c471d1bbb85166a380eb778c3d30ac673df11bfd86cf8113af3650c12dadf42f550b8f9390f36782cacba8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
fbfc1cb6aadc7bbcde6e559d8c613874

SHA1
7e0f7a3bdde3aff490215e439dc339c7a1411bbc

SHA256
c9bdeaf3438b8cc04e83bb5c290ad6e77b155160aa4ff889b51c95f3b7bf16c4

SHA512
360f82590469f2f3d334f4e444296ea5ac89ac3a56df366c2544402abe5b01aae559679227b08eb1460f8447162168f2b9eb572760fd5e019b7b9d7fead699b6

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
a30548f8bc2933aa2c46f8e9ab7c69e5

SHA1
f6ab433c7a21ccb42219f7398295fcd723b7a8c3

SHA256
828075f11abbeef71eefa4fed5a66418e7b577480ef60ed66a0490736428a07f

SHA512
0f570c78e82849f59bb44af8283c9e54cfa95300bde985a7b32cbc5cb8c802efb290ee64c5eadcb007ec9a09bf32273db35b90e9b5e53ac685d8a81d011f20e3

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
d8c6ce84eb95c017fef1799f3344c084

SHA1
bba95c5b120d31ca5d4bedf0d78901b7ca0cd215

SHA256
4ff0ccf2b339f8adfb5437e321e513a5ef8750659e0ad25a2fb83f9872c8d0a8

SHA512
7d89903c5e8df1469def291b02509a044ce192b7a1cd5f79fdcdde226cdd91a1a62cba07d15c8f3401c2c0877f7ac35febf33389bc8beb9d2fabe81dbf33148d

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
0ff9d1240f6c94d4ab6757f02fa3efc7

SHA1
b59296f78ace026db053186982470c58bc7b7de7

SHA256
872f3a3fe729ff43c941c56be07a47709af8ae6cf48599d41839fb27b4397365

SHA512
3bcb9f4065ab0b960d98feac48a148625cc8324b4f8976801d6e3b41cdff78a1d7e0800c19e5955ba2b57ef3b8b8feeea2e890ba3663df55d18a99b81d1fe3d1

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
9a89e04cda1208ed9c118fca0f8e831a

SHA1
9c7eb9b41b992120a0664238590a0fa51498c7da

SHA256
a8240978c4d4e5ccf985455374c112aa4969b6609878779f03002a0ea8501ec5

SHA512
5f6546f8cb5c493a8fe0a49a91ba1d24c26f185de70469504bd0e9d29395933f2dec056cf3a7e42aeeb68290d48265fba7a52221bc79ef64a8e386280cb8ce49

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
422b1410796993a0761f3b0481d695a1

SHA1
3d693d2cd9a1c5252e0f711ed2f6c778c12e343e

SHA256
56056c06ef720ede6b2d32170d106c47a89df363311023355abe73a03c4ac70c

SHA512
97f61439522d406f84b6945398393145628540408f49276c713f1883df56498102a727305cf0d7c4d93c4372d9de5ea72236910d3d9a3c48b629d7751c2d3760

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
922e50651c24f3424e2e2bd773663180

SHA1
1ae11c8456026eb38b8f8bcf17cdee2f5d22c1e5

SHA256
80f7be09e6bb92995f232a1fe6cb917ffa5b8ab8f43761888511b7f80a3d81da

SHA512
c2ec52cad05705cab95b3305017ff028127e7f3e63828b6df63f1ab3ec9b7d402e21bbb44ddd7ef6584fcfb0c746fe6fb1b55c8817635e0b4d2ab7b871e87397

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
12c869d37530a531ca957bfa86cc1bf4

SHA1
4bec4091f1237320d66a0ef028a137ace96d90fe

SHA256
c66c900f25a1e8fa2f4d95d3eb40a1e77844d10856f708cc5d4b65434d7437ff

SHA512
4e61c33bc14539e09f98e6cec8a1d05ec6aca8e78c0f48917572352f8501a0ba316299788eb72c08e0c9d93cab291355cdc0bf2e12f769edeaae7f8539460114

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
72be38ccc391bda4c5288e5d6b6242cc

SHA1
49ccfb4921d4b7bf39ff80e7fc6f4af4cdef187f

SHA256
9b68a0dbdb29d47039f7498f20f7863f8623b7aa87b53b40304fed2dafd46801

SHA512
8a26dd418767f50af2c937a60c9f27b9dbb647d65e2ec90cd5292131c24609f38b277ff4ea23ce342f751bff3c19c52a1daadbe815e963fb51e1a9d7ac64b4d9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads