Trojan.DownLoader35.26572

Technical Information

Modifies file system

Creates the following files

%TEMP%\setups.exe
C:\applications\browser\locales\is-1b6f3.tmp
C:\applications\browser\locales\is-gg3r4.tmp
C:\applications\browser\locales\is-vsanc.tmp
C:\applications\browser\locales\is-v4h3g.tmp
C:\applications\browser\locales\is-3dt9o.tmp
C:\applications\browser\locales\is-tqr6l.tmp
C:\applications\browser\locales\is-tb8tg.tmp
C:\applications\browser\locales\is-36j9a.tmp
C:\applications\browser\locales\is-8iqd4.tmp
C:\applications\browser\locales\is-eo9ab.tmp
C:\applications\browser\locales\is-3isoe.tmp
C:\applications\browser\locales\is-th4st.tmp
C:\applications\browser\locales\is-h3nme.tmp
C:\applications\browser\locales\is-fvuid.tmp
C:\applications\browser\locales\is-4pkne.tmp
C:\applications\browser\locales\is-avdkg.tmp
C:\applications\browser\locales\is-m7emv.tmp
C:\applications\browser\locales\is-4kkp6.tmp
C:\applications\browser\locales\is-bsaas.tmp
C:\applications\browser\locales\is-343vg.tmp
C:\applications\browser\locales\is-4mhjt.tmp
C:\applications\browser\widevinecdm\is-4a8a5.tmp
C:\applications\browser\visualelements\is-iogrl.tmp
C:\applications\browser\visualelements\is-sv14j.tmp
C:\applications\browser\swiftshader\is-1s5mr.tmp
C:\applications\browser\swiftshader\is-q9tjh.tmp
C:\applications\browser\locales\is-qmd24.tmp
C:\applications\browser\locales\is-nr6eg.tmp
C:\applications\browser\locales\is-99fld.tmp
C:\applications\browser\locales\is-ukd4s.tmp
C:\applications\browser\locales\is-0muq8.tmp
C:\applications\browser\locales\is-sicqr.tmp
C:\applications\browser\locales\is-bmnas.tmp
C:\applications\browser\locales\is-edolh.tmp
C:\applications\browser\locales\is-2gi24.tmp
C:\applications\browser\locales\is-5n62s.tmp
C:\applications\browser\locales\is-ikbfg.tmp
C:\applications\browser\locales\is-57cgl.tmp
C:\applications\browser\locales\is-u10s5.tmp
C:\applications\browser\widevinecdm\_platform_specific\win_x86\is-b1hqt.tmp
C:\applications\browser\locales\is-87uf3.tmp
C:\applications\browser\locales\is-neftp.tmp
C:\applications\browser\locales\is-575ac.tmp
C:\applications\browser\is-r1av5.tmp
C:\applications\browser\is-fmqmv.tmp
C:\applications\browser\is-ufcgb.tmp
C:\applications\browser\is-mckns.tmp
C:\applications\browser\is-urhse.tmp
C:\applications\browser\is-bfp1q.tmp
C:\applications\browser\is-r0g6a.tmp
C:\applications\browser\is-3v0gs.tmp
C:\applications\browser\is-kp87h.tmp
C:\applications\browser\is-edt4s.tmp
C:\applications\browser\is-tc18c.tmp
C:\applications\browser\is-btm7b.tmp
C:\applications\browser\is-nnp0c.tmp
%TEMP%\is-91en8.tmp\_isetup\_setup64.tmp
%TEMP%\is-eqh8g.tmp\setups.tmp
%TEMP%\is-7r6ed.tmp\_isetup\_setup64.tmp
%TEMP%\is-g656q.tmp\setups.tmp
C:\applications\browser\is-3ibbn.tmp
C:\applications\browser\is-563ip.tmp
C:\applications\browser\is-2ijvb.tmp
C:\applications\browser\is-kj2ce.tmp
C:\applications\browser\locales\is-9p1km.tmp
C:\applications\browser\locales\is-7po2m.tmp
C:\applications\browser\locales\is-ff5so.tmp
C:\applications\browser\locales\is-qqa6k.tmp
C:\applications\browser\locales\is-5bnre.tmp
C:\applications\browser\locales\is-g2rhe.tmp
C:\applications\browser\locales\is-nmtdt.tmp
C:\applications\browser\locales\is-uvps8.tmp
C:\applications\browser\locales\is-5r799.tmp
C:\applications\browser\locales\is-6u9vi.tmp
C:\applications\browser\locales\is-8v042.tmp
C:\applications\browser\locales\is-fedm2.tmp
C:\applications\browser\locales\is-cjs1a.tmp
C:\applications\browser\locales\is-iu0te.tmp
C:\applications\browser\locales\is-j2q9g.tmp
C:\applications\browser\is-nij9c.tmp
C:\applications\browser\is-gcf50.tmp
C:\applications\browser\is-ol0l5.tmp
C:\applications\browser\locales\is-462ju.tmp
C:\applications\browser\widevinecdm\_platform_specific\win_x86\is-nvent.tmp

Deletes the following files

%TEMP%\is-7r6ed.tmp\_isetup\_setup64.tmp
%TEMP%\is-g656q.tmp\setups.tmp
%TEMP%\is-91en8.tmp\_isetup\_setup64.tmp
%TEMP%\is-eqh8g.tmp\setups.tmp

Moves the following files

from C:\applications\browser\is-nnp0c.tmp to C:\applications\browser\63.0.3239.84.manifest
from C:\applications\browser\locales\is-343vg.tmp to C:\applications\browser\locales\ro.pak
from C:\applications\browser\locales\is-bsaas.tmp to C:\applications\browser\locales\pt-pt.pak
from C:\applications\browser\locales\is-4kkp6.tmp to C:\applications\browser\locales\pt-br.pak
from C:\applications\browser\locales\is-1b6f3.tmp to C:\applications\browser\locales\pl.pak
from C:\applications\browser\locales\is-gg3r4.tmp to C:\applications\browser\locales\nl.pak
from C:\applications\browser\locales\is-vsanc.tmp to C:\applications\browser\locales\nb.pak
from C:\applications\browser\locales\is-v4h3g.tmp to C:\applications\browser\locales\ms.pak
from C:\applications\browser\locales\is-4pkne.tmp to C:\applications\browser\locales\hr.pak
from C:\applications\browser\locales\is-3dt9o.tmp to C:\applications\browser\locales\mr.pak
from C:\applications\browser\locales\is-tb8tg.tmp to C:\applications\browser\locales\lv.pak
from C:\applications\browser\locales\is-36j9a.tmp to C:\applications\browser\locales\lt.pak
from C:\applications\browser\locales\is-8iqd4.tmp to C:\applications\browser\locales\ko.pak
from C:\applications\browser\locales\is-eo9ab.tmp to C:\applications\browser\locales\kn.pak
from C:\applications\browser\locales\is-3isoe.tmp to C:\applications\browser\locales\ja.pak
from C:\applications\browser\locales\is-th4st.tmp to C:\applications\browser\locales\it.pak
from C:\applications\browser\locales\is-h3nme.tmp to C:\applications\browser\locales\id.pak
from C:\applications\browser\locales\is-tqr6l.tmp to C:\applications\browser\locales\ml.pak
from C:\applications\browser\locales\is-fvuid.tmp to C:\applications\browser\locales\hu.pak
from C:\applications\browser\locales\is-4mhjt.tmp to C:\applications\browser\locales\ru.pak
from C:\applications\browser\locales\is-0muq8.tmp to C:\applications\browser\locales\uk.pak
from C:\applications\browser\widevinecdm\is-4a8a5.tmp to C:\applications\browser\widevinecdm\manifest.json
from C:\applications\browser\visualelements\is-iogrl.tmp to C:\applications\browser\visualelements\smalllogo.png
from C:\applications\browser\visualelements\is-sv14j.tmp to C:\applications\browser\visualelements\logo.png
from C:\applications\browser\swiftshader\is-1s5mr.tmp to C:\applications\browser\swiftshader\libglesv2.dll
from C:\applications\browser\swiftshader\is-q9tjh.tmp to C:\applications\browser\swiftshader\libegl.dll
from C:\applications\browser\locales\is-qmd24.tmp to C:\applications\browser\locales\zh-tw.pak
from C:\applications\browser\locales\is-nr6eg.tmp to C:\applications\browser\locales\zh-cn.pak
from C:\applications\browser\locales\is-57cgl.tmp to C:\applications\browser\locales\sl.pak
from C:\applications\browser\locales\is-u10s5.tmp to C:\applications\browser\locales\sk.pak
from C:\applications\browser\locales\is-ukd4s.tmp to C:\applications\browser\locales\tr.pak
from C:\applications\browser\locales\is-sicqr.tmp to C:\applications\browser\locales\th.pak
from C:\applications\browser\locales\is-bmnas.tmp to C:\applications\browser\locales\te.pak
from C:\applications\browser\locales\is-edolh.tmp to C:\applications\browser\locales\ta.pak
from C:\applications\browser\locales\is-2gi24.tmp to C:\applications\browser\locales\sw.pak
from C:\applications\browser\locales\is-5n62s.tmp to C:\applications\browser\locales\sv.pak
from C:\applications\browser\locales\is-ikbfg.tmp to C:\applications\browser\locales\sr.pak
from C:\applications\browser\locales\is-99fld.tmp to C:\applications\browser\locales\vi.pak
from C:\applications\browser\locales\is-avdkg.tmp to C:\applications\browser\locales\hi.pak
from C:\applications\browser\locales\is-m7emv.tmp to C:\applications\browser\locales\he.pak
from C:\applications\browser\locales\is-87uf3.tmp to C:\applications\browser\locales\gu.pak
from C:\applications\browser\is-2ijvb.tmp to C:\applications\browser\natives_blob.bin
from C:\applications\browser\is-563ip.tmp to C:\applications\browser\nacl_irt_x86_64.nexe
from C:\applications\browser\is-3ibbn.tmp to C:\applications\browser\nacl_irt_x86_32.nexe
from C:\applications\browser\is-r1av5.tmp to C:\applications\browser\nacl64.exe
from C:\applications\browser\is-fmqmv.tmp to C:\applications\browser\libglesv2.dll
from C:\applications\browser\is-ufcgb.tmp to C:\applications\browser\libegl.dll
from C:\applications\browser\is-ol0l5.tmp to C:\applications\browser\settings.dat
from C:\applications\browser\is-mckns.tmp to C:\applications\browser\icudtl.dat
from C:\applications\browser\is-bfp1q.tmp to C:\applications\browser\chromiumportable.exe
from C:\applications\browser\is-r0g6a.tmp to C:\applications\browser\chrome_watcher.dll
from C:\applications\browser\is-3v0gs.tmp to C:\applications\browser\chrome_elf.dll
from C:\applications\browser\is-kp87h.tmp to C:\applications\browser\chrome_child.dll
from C:\applications\browser\is-edt4s.tmp to C:\applications\browser\chrome_200_percent.pak
from C:\applications\browser\is-tc18c.tmp to C:\applications\browser\chrome_100_percent.pak
from C:\applications\browser\is-btm7b.tmp to C:\applications\browser\chrome.dll
from C:\applications\browser\is-urhse.tmp to C:\applications\browser\d3dcompiler_47.dll
from C:\applications\browser\is-gcf50.tmp to C:\applications\browser\snapshot_blob.bin
from C:\applications\browser\is-kj2ce.tmp to C:\applications\browser\resources.pak
from C:\applications\browser\is-nij9c.tmp to C:\applications\browser\v8_context_snapshot.bin
from C:\applications\browser\locales\is-neftp.tmp to C:\applications\browser\locales\fr.pak
from C:\applications\browser\locales\is-g2rhe.tmp to C:\applications\browser\locales\en-gb.pak
from C:\applications\browser\locales\is-575ac.tmp to C:\applications\browser\locales\fil.pak
from C:\applications\browser\locales\is-462ju.tmp to C:\applications\browser\locales\fi.pak
from C:\applications\browser\locales\is-9p1km.tmp to C:\applications\browser\locales\fa.pak
from C:\applications\browser\locales\is-7po2m.tmp to C:\applications\browser\locales\et.pak
from C:\applications\browser\locales\is-ff5so.tmp to C:\applications\browser\locales\es.pak
from C:\applications\browser\locales\is-qqa6k.tmp to C:\applications\browser\locales\es-419.pak
from C:\applications\browser\locales\is-5bnre.tmp to C:\applications\browser\locales\en-us.pak
from C:\applications\browser\locales\is-nmtdt.tmp to C:\applications\browser\locales\el.pak
from C:\applications\browser\locales\is-j2q9g.tmp to C:\applications\browser\locales\am.pak
from C:\applications\browser\locales\is-uvps8.tmp to C:\applications\browser\locales\de.pak
from C:\applications\browser\locales\is-6u9vi.tmp to C:\applications\browser\locales\da.pak
from C:\applications\browser\locales\is-5r799.tmp to C:\applications\browser\locales\cs.pak
from C:\applications\browser\locales\is-8v042.tmp to C:\applications\browser\locales\ca.pak
from C:\applications\browser\locales\is-fedm2.tmp to C:\applications\browser\locales\bn.pak
from C:\applications\browser\locales\is-cjs1a.tmp to C:\applications\browser\locales\bg.pak
from C:\applications\browser\locales\is-iu0te.tmp to C:\applications\browser\locales\ar.pak
from C:\applications\browser\widevinecdm\_platform_specific\win_x86\is-b1hqt.tmp to C:\applications\browser\widevinecdm\_platform_specific\win_x86\widevinecdm.dll
from C:\applications\browser\widevinecdm\_platform_specific\win_x86\is-nvent.tmp to C:\applications\browser\widevinecdm\_platform_specific\win_x86\widevinecdmadapter.dll

Network activity

TCP

HTTP GET requests

http://mi#####i.12finance.com/minerapi/bsize.txt
http://mi#####i.12finance.com/minerapi/SetupS.exe
http://www.gs##tic.com/chrome/profile_avatars/NothingToDownload
http://br######ine.12finance.com/index1000.php?af#######################
http://br######urf.12finance.com/index1000.php?af#######################

'clients2.google.com':443

'google.com':443

'tr######e.googleapis.com':443

'ho####gcloud.racing':443

'go#####agmanager.com':443

'gs##tic.com':443

UDP

DNS ASK mi#####i.12finance.com
DNS ASK clients2.google.com
DNS ASK clients4.google.com
DNS ASK google.com
DNS ASK br######ine.12finance.com
DNS ASK br######urf.12finance.com
DNS ASK tr######e.googleapis.com
DNS ASK gs##tic.com
DNS ASK clients3.google.com
DNS ASK ho####gcloud.racing
DNS ASK go#####agmanager.com
'google.com':443

Miscellaneous

Searches for the following windows

ClassName: 'Chrome_MessageWindow' WindowName: '%LOCALAPPDATA%\Google\Chrome\User Data'

Creates and executes the following

'%TEMP%\setups.exe'
'%TEMP%\is-g656q.tmp\setups.tmp' /SL5="$F001C,48226283,57856,%TEMP%\setups.exe"
'%TEMP%\setups.exe' /VERYSILENT
'%TEMP%\is-eqh8g.tmp\setups.tmp' /SL5="$10001C,48226283,57856,%TEMP%\setups.exe" /VERYSILENT
'%TEMP%\setups.exe' ' (with hidden window)
'%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --headless --disable-gpu --remote-debugging-port=9222 http://br######ine.12finance.com/index1000.php?af#######################' (with hidden window)
'%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --headless --disable-gpu --remote-debugging-port=9222 http://br######urf.12finance.com/index1000.php?af#######################' (with hidden window)

Executes the following

'%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --headless --disable-gpu --remote-debugging-port=9222 http://br######ine.12finance.com/index1000.php?af#######################
'%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --headless --disable-gpu --remote-debugging-port=9222 http://br######urf.12finance.com/index1000.php?af#######################
'%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --type=renderer --enable-deferred-image-decoding --lang=ru --force-fieldtrials="BackgroundRendererProcesses/Disallow/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePo...
'%ProgramFiles(x86)%\google\chrome\application\chrome.exe' --type=renderer --enable-deferred-image-decoding --lang=ru --force-fieldtrials="BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptiveP...

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней