lokvQRcUe0.dll

Options

Comments

Tags

• dll
• gozi_ifsb

dll gozi_ifsb

Add new tag

Available tags:

No tags available...

• Engines
• IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						20/41

IPs

IP	Country	Detection
176.10.119.68	Switzerland

URLs

Name	Detection
http://176.10.119.68/drew/6MD_2BLHj/Wwe7k6B1I0SM4estiKA8/spcFGasNn3hHiGKNKAO/_2B1ah_2BmpCz0i3Swrw7w/
http://176.10.119.68/drew/6MD_2BLHj/Wwe7k6B1I0SM4estiKA8/spcFGasNn3hHiGKNKAO/_2B1ah_2BmpCz0i3Swrw7w/_2FmDlfehB0OE/55WbV2nc/Y1h6ZuuUoh7qBwh_2BKlp0h/7L71gn0m4N/M3O3_2Bd4FYKhYEVp/A8X6IhSGaeKc/I6s_2F23qvp/A182DdgYpCpMIP/aP_2Bjsdht_2BJDxnVcIh/PpumD61sg3b7UjUn/NBCGMFNbIjiYANW/kV_2FL6Gv2Uv63EZQh/O7ekDFjPj/xu59b1S5vDi1BLf/OCWp.jlk
http://176.10.119.68/drew/TXnzVImnT660oDz/yMOCYK8RDAglTpu9ac/GwxTcb_2B/tHjr3EGRXu7rtpqrdyIg/MBYax8JZ
Click to see the 8 hidden entries
http://176.10.119.68/drew/8_2BLR3ULj9eEHGwEQ4wR/XNnJzaTlQzupEc1E/13YAC3A_2FwsRXQ/gU_2FKH8C0dGIfymyx/ocdHPIhqa/Hd8nJGo602uQ7riR5fk1/MgjZVgxWOeylhsm3UIe/ODtnBqntkfEzg6CGz22IMX/BqT5RhbEJCnRP/ZVkWQu9C/sR0fuByflYkig33702ZG3_2/FhdyARm9Lc/m4Hi2C6HqRM3XSnPm/LWaA4HaxDqj7/QbfVKFZGMWq/c7MJSNfi8K7i7w/7kd2UCa_2BF/87zDgqk.jlk
http://176.10.119.68/drew/TXnzVImnT660oDz/yMOCYK8RDAglTpu9ac/GwxTcb_2B/tHjr3EGRXu7rtpqrdyIg/MBYax8JZESMvd_2FR_2/FFgtmhXbR0ktwUdCXR2Pki/d8dU8ADU_2BI_/2BU31aFd/LiJXzwK_2BCmcWBI_2FSoW9/MydpZhmci7/DHFwznBk9lsaelX7d/OI_2F8mRA8r8/Ql7ZjpWXuIe/emON9m2OO9PUY_/2BZvNnjbqlcKSvSy4k903/VSDqqfhLnxG6SlxI/F80QTh1QnWNOnio/sWTgXKrMs/py.jlk
http://176.10.119.68/drew/8_2BLR3ULj9eEHGwEQ4wR/XNnJzaTlQzupEc1E/13YAC3A_2FwsRXQ/gU_2FKH8C0dGIfymyx/
http://https://file://USER.ID%lu.exe/upd
http://schemas.mi
http://constitution.org/usdeclar.txt
http://schemas.micr
http://constitution.org/usdeclar.txtC:

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_13ec5c98984773435626ad7d5b7558cb4938ccf_7cac0383_19b2f365\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_b0f1b17d9a16ab43633fff1f39c444c106187da_7cac0383_1942e1c1\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_ffc671f5cc13577c9afdbbe1a48667719c593ee_7cac0383_1adf0343\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
Click to see the 25 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC52.tmp.dmp	Mini DuMP crash report, 15 streams, Thu May 26 11:06:12 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF03.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE06B.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE904.tmp.dmp	Mini DuMP crash report, 15 streams, Thu May 26 11:06:15 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB38.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERECBF.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB73.tmp.dmp	Mini DuMP crash report, 15 streams, Thu May 26 11:06:20 2022, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDC6.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFEF0.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Temp\CSC72CD5E3A7BFC47C08453C5B847B47E88.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\CSC7CF5F35C720441118B71E863AB44B87A.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\RESE691.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\RESFE5F.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cuvyoqr5.itk.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ohnz5k1g.zqm.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\b5khtopv.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\b5khtopv.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\b5khtopv.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\b5khtopv.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\kikzslfg.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\kikzslfg.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\kikzslfg.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\kikzslfg.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\Documents\20220526\PowerShell_transcript.530978.TCpPiQsC.20220526040704.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#