Analysis
max time kernel: 114s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/09/2024, 09:07
Static task: static1
Behavioral task: behavioral1
  Sample: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
  Resource: win10v2004-20240802-en
General
Target: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
Size: 115KB
MD5: fdbd9187b91a666ab3e3ceff5358aa50
SHA1: c70ed34621145a82502582a33e569ff9f93dee63
SHA256: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57c
SHA512: 6ec979e7aa6be5b5c5a94a9a557814aa55b97ed4cea70253cb6111c98e278829d3462bee620104466d5fce87dbad6c7667370a347895bbe809f64efcd491a61d
SSDEEP: 768:0MusTIlZLwRcC5caQRZfOWH0bhAUjkUXCDl++rNmxuEyb1UhT3zNsTTcjK/:A2mZLQcC5ZQHX0FXYPrN7EVskI
Malware Config
Signatures

Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application (2 TTPs, 1 IoC)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ICQ Net = "C:\\Windows\\winlogon.exe -stealth" | 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Process for every entry: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
description | ioc
File opened (read-only) | \??\z:
File opened (read-only) | \??\g:
File opened (read-only) | \??\k:
File opened (read-only) | \??\m:
File opened (read-only) | \??\n:
File opened (read-only) | \??\t:
File opened (read-only) | \??\l:
File opened (read-only) | \??\q:
File opened (read-only) | \??\s:
File opened (read-only) | \??\w:
File opened (read-only) | \??\x:
File opened (read-only) | \??\j:
File opened (read-only) | \??\o:
File opened (read-only) | \??\r:
File opened (read-only) | \??\y:
File opened (read-only) | \??\v:
File opened (read-only) | \??\e:
File opened (read-only) | \??\h:
File opened (read-only) | \??\i:
File opened (read-only) | \??\p:
File opened (read-only) | \??\u:
Drops file in System32 directory (64 IoCs)
Process for every entry: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
description | ioc
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\IE58.1 full setup.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Full album.mp3.pif
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Gimp 1.5 Full with Key.exe
File created | \??\c:\windows\SysWOW64\ime\shared\res\Lightwave SE Update.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\Visual Studio Net Crack.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Screensaver.scr
File created | \??\c:\windows\SysWOW64\ime\shared\Win Longhorn Beta.exe
File created | \??\c:\windows\SysWOW64\ime\shared\res\Ahead Nero 7.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\E-Book Archive.rtf.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\MS Service Pack 5.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Win Longhorn Beta.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\WinAmp 12 full.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Screensaver.scr
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Doom 3 Beta.exe
File created | \??\c:\windows\SysWOW64\ime\shared\res\Best Matrix Screensaver.scr
File created | \??\c:\windows\SysWOW64\ime\shared\res\Screensaver.scr
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\WinAmp 12 full.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Dictionary English - France.doc.exe
File created | \??\c:\windows\SysWOW64\ime\shared\Learn Programming.doc.exe
File created | \??\c:\windows\SysWOW64\ime\shared\WinAmp 12 full.exe
File created | \??\c:\windows\SysWOW64\ime\shared\res\Visual Studio Net Crack.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Dark Angels.pif
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Gimp 1.5 Full with Key.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Smashing the stack.rtf.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\Dark Angels.pif
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Ahead Nero 7.exe
File created | \??\c:\windows\SysWOW64\ime\shared\Microsoft WinXP Crack.exe
File created | \??\c:\windows\SysWOW64\ime\shared\res\XXX hardcore pic.jpg.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Virii Sourcecode.scr
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Dark Angels.pif
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Best Matrix Screensaver.scr
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Win Longhorn Beta.exe
File created | \??\c:\windows\SysWOW64\ime\shared\WinXP eBook.doc.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Win Longhorn Beta.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Win Longhorn Beta.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\3D Studio Max 3dsmax.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Keygen 4 all appz.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Windows Sourcecode.doc.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Microsoft Office 2003 Crack.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Norton Antivirus 2004.exe
File created | \??\c:\windows\SysWOW64\ime\shared\Porno Screensaver.scr
File created | \??\c:\windows\SysWOW64\ime\shared\res\Magix Video Deluxe 4.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Microsoft Office 2003 Crack.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Partitionsmagic 9.0.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Adobe Premiere 9.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\IE58.1 full setup.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\1000 Sex and more.rtf.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\Clone DVD 5.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Learn Programming.doc.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\WinAmp 12 full.exe
File created | \??\c:\windows\SysWOW64\ime\shared\Adobe Photoshop 9 full.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Ahead Nero 7.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\E-Book Archive.rtf.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Smashing the stack.rtf.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\How to hack.doc.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Partitionsmagic 9.0.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\RFC Basics Full Edition.doc.exe
File opened for modification | \??\c:\windows\SysWOW64\ime\shared\res\Adobe Photoshop 9 full.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\Opera.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Clone DVD 5.exe
File opened for modification | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\WinAmp 12 full.exe
File created | \??\c:\windows\SysWOW64\ime\shared\Screensaver.scr
File created | \??\c:\windows\SysWOW64\ime\shared\IE58.1 full setup.exe
File created | \??\c:\windows\SysWOW64\windowspowershell\v1.0\modules\smbshare\en-us\Microsoft WinXP Crack.exe
Drops file in Program Files directory (64 IoCs)
Process for every entry: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
description | ioc
File created | \??\c:\program files\common files\microsoft shared\ink\zh-tw\XXX hardcore pic.jpg.exe
File created | \??\c:\program files (x86)\common files\microsoft shared\Dictionary English - France.doc.exe
File created | \??\c:\program files\common files\microsoft shared\ink\zh-cn\Norton Antivirus 2004.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilesx64\microsoft sql server\130\shared\WinXP eBook.doc.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\zh-tw\The Sims 3 crack.exe
File created | \??\c:\program files\common files\microsoft shared\ink\hr-hr\Windows Sourcecode.doc.exe
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.27\ko\How to hack.doc.exe
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.2\de\Adobe Premiere 9.exe
File created | \??\c:\program files\common files\microsoft shared\ink\hu-hu\MS Service Pack 5.exe
File created | \??\c:\program files\common files\microsoft shared\ink\ko-kr\The Sims 3 crack.exe
File created | \??\c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\addinviews\1000 Sex and more.rtf.exe
File created | \??\c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\hostsideadapters\Norton Antivirus 2004.exe
File created | \??\c:\program files\common files\microsoft shared\ink\tr-tr\How to hack.doc.exe
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\Screensaver.scr
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.2\it\Keygen 4 all appz.exe
File created | \??\c:\program files\common files\microsoft shared\vc\Visual Studio Net Crack.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\Lightwave SE Update.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\Microsoft WinXP Crack.exe
File created | \??\c:\program files (x86)\common files\microsoft shared\vsta\Dark Angels.pif
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\en-ae\Norton Antivirus 2004.exe
File created | \??\c:\program files (x86)\windows sidebar\shared gadgets\IE58.1 full setup.exe
File created | \??\c:\program files\common files\microsoft shared\ink\en-gb\Best Matrix Screensaver.scr
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.2\pt-br\Keygen 4 all appz.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\dw\Opera.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\css\Porno Screensaver.scr
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\hu-hu\Learn Programming.doc.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\sl-sl\Porno Screensaver.scr
File created | \??\c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\Learn Programming.doc.exe
File created | \??\c:\program files\common files\microsoft shared\ink\hr-hr\Virii Sourcecode.scr
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\axis\Cracks & Warez Archive.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\quad\Learn Programming.doc.exe
File created | \??\c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\addinsideadapters\Microsoft WinXP Crack.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\source engine\IE58.1 full setup.exe
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.27\zh-hans\1000 Sex and more.rtf.exe
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\7.0.16\fr\XXX hardcore pic.jpg.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\euro\Cracks & Warez Archive.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\cartridges\Windows Sourcecode.doc.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\office setup controller\office.en-us\Porno Screensaver.scr
File created | \??\c:\program files\microsoft office\root\vfs\programfilesx64\microsoft sql server\130\shared\Screensaver.scr
File created | \??\c:\program files (x86)\common files\microsoft shared\ink\uk-ua\Star Office 8.exe
File created | \??\c:\program files\common files\microsoft shared\ink\en-gb\1000 Sex and more.rtf.exe
File created | \??\c:\program files\common files\microsoft shared\ink\ru-ru\Adobe Photoshop 9 full.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\images\Learn Programming.doc.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\nb-no\E-Book Archive.rtf.exe
File created | \??\c:\program files\common files\microsoft shared\ink\de-de\Dictionary English - France.doc.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\aftrnoon\XXX hardcore pic.jpg.exe
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.27\ru\Doom 3 Beta.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\watermar\IE58.1 full setup.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\fr-fr\RFC Basics Full Edition.doc.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\filters\Doom 3 Beta.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\aftrnoon\RFC Basics Full Edition.doc.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\journal\Cracks & Warez Archive.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\uk-ua\1000 Sex and more.rtf.exe
File created | \??\c:\program files (x86)\common files\microsoft shared\vgx\Porno Screensaver.scr
File created | \??\c:\program files\common files\microsoft shared\ink\languagemodel\Norton Antivirus 2004.exe
File created | \??\c:\program files\common files\microsoft shared\textconv\Virii Sourcecode.scr
File created | \??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\7.0.16\de\ACDSee 9.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\resources\1033\3D Studio Max 3dsmax.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\office setup controller\office.en-us\Cracks & Warez Archive.exe
File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\sl-si\WinAmp 12 full.exe
File created | \??\c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\Star Office 8.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\studio\Ulead Keygen.exe
File created | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\watermar\Norton Antivirus 2004.exe
File created | \??\c:\program files\common files\microsoft shared\triedit\en-us\Teen Porn 16.jpg.pif
Drops file in Windows directory (64 IoCs)
Process for every entry: 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
description | ioc
File created | \??\c:\windows\winsxs\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\How to hack.doc.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\f\Cracks & Warez Archive.exe
File created | \??\c:\windows\winsxs\amd64_multipoint-wmssharinghost_31bf3856ad364e35_10.0.19041.1_none_b870259d909f25af\Windows Sourcecode.doc.exe
File created | \??\c:\windows\winsxs\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\Visual Studio Net Crack.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\r\RFC Basics Full Edition.doc.exe
File created | \??\c:\windows\winsxs\amd64_microsoft.csharp.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_7547c0329667ba97\3D Studio Max 3dsmax.exe
File created | \??\c:\windows\winsxs\amd64_windows-applicationmodel-datasharingsvc_31bf3856ad364e35_10.0.19041.1_none_8be6f644f3d6f25e\Opera.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\Cracks & Warez Archive.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-detectionandsharingapi_31bf3856ad364e35_10.0.19041.746_none_179c61a73cfb1a51\Doom 3 Beta.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\Screensaver.scr
File created | \??\c:\windows\winsxs\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\Keygen 4 all appz.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\Gimp 1.5 Full with Key.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\Windows Sourcecode.doc.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\f\DivX 7.0 final.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\Ahead Nero 7.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\r\RFC Basics Full Edition.doc.exe
File created | \??\c:\windows\winsxs\amd64_multipoint-wmssharinghost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_fcac889e9a96498d\Cracks & Warez Archive.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\MS Service Pack 5.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\Partitionsmagic 9.0.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\IE58.1 full setup.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\f\Adobe Photoshop 9 full.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\Lightwave SE Update.exe
File created | \??\c:\windows\winsxs\x86_netfx-csharpcompilermsg_b03f5f7f11d50a3a_10.0.19041.1_none_31bcc7fd7bd75460\XXX hardcore pic.jpg.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\f\Windows Sourcecode.doc.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\XXX hardcore pic.jpg.exe
File created | \??\c:\windows\winsxs\amd64_windows-applicationmodel-datasharingsvc_31bf3856ad364e35_10.0.19041.1_none_8be6f644f3d6f25e\Learn Programming.doc.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\Keygen 4 all appz.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\Full album.mp3.pif
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\f\Screensaver.scr
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\r\E-Book Archive.rtf.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\f\Adobe Premiere 9.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\f\Microsoft Office 2003 Crack.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\f\Smashing the stack.rtf.exe
File created | \??\c:\windows\winsxs\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\Windows Sourcecode.doc.exe
File created | \??\c:\windows\winsxs\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\f\MS Service Pack 5.exe
File
created \??\c:\windows\winsxs\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\r\Visual Studio Net Crack.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\n\Lightwave SE Update.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\Dark Angels.pif 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\Teen Porn 16.jpg.pif 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\r\Adobe Photoshop 9 full.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\1000 Sex and more.rtf.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\wow64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.19041.1_none_01403d15a6b8a2fe\Lightwave SE Update.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\How to hack.doc.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\Partitionsmagic 9.0.exe 
7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\Visual Studio Net Crack.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\r\Learn Programming.doc.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\Opera.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\Adobe Premiere 9.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\Best Matrix Screensaver.scr 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_multipoint-wmssharinghost.resources_31bf3856ad364e35_10.0.19041.1_en-us_d2a359876c7b1b4e\Windows Sourcecode.doc.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\Smashing the stack.rtf.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\r\Screensaver.scr 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created 
\??\c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\Keygen 4 all appz.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\DivX 7.0 final.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\RFC Basics Full Edition.doc.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\WinAmp 12 full.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\r\Partitionsmagic 9.0.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\Windows Sourcecode.doc.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\Microsoft WinXP Crack.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\r\3D Studio Max 3dsmax.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\WinAmp 12 full.exe 
7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\r\DivX 7.0 final.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\r\MS Service Pack 5.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe File created \??\c:\windows\winsxs\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\1000 Sex and more.rtf.exe 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe
"C:\Users\Admin\AppData\Local\Temp\7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57cN.exe"
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 2676
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1
Downloads
-
Filesize
115KB
MD5
fdbd9187b91a666ab3e3ceff5358aa50
SHA1
c70ed34621145a82502582a33e569ff9f93dee63
SHA256
7469fdb9418086e86aec5b18a360fce050725e6003500304191a3048d77ef57c
SHA512
6ec979e7aa6be5b5c5a94a9a557814aa55b97ed4cea70253cb6111c98e278829d3462bee620104466d5fce87dbad6c7667370a347895bbe809f64efcd491a61d