[center][size=2]Past threads on this: http://scammer.info/t/dangerous-discord-scam-spreads-to-itch-io/78191[/size][/center]
Links:
Malware - https://aotodev.itch.io/blood-of-war
Virustotal - VirusTotal
Me trying to run this exe - ANY.RUN interactive analysis (report title: "Analysis https://aotodev.itch.io/blood-of-war Malicious activity")
All started with these messages:
[size=1]the warendev guy is just another victim[/size]
Upon downloading this file, it tries to:
Open files
Open registry keys
* HKLM\Software\Microsoft\WBEM\CIMOM
* HKLM\Software\Microsoft\WBEM\CIMOM\ProcessID
* HKLM\Software\Microsoft\WBEM\CIMOM\EnablePrivateObjectHeap
* HKLM\Software\Microsoft\WBEM\CIMOM\ContextLimit
* HKLM\Software\Microsoft\WBEM\CIMOM\ObjectLimit
* HKLM\Software\Microsoft\WBEM\CIMOM\IdentifierLimit