IOC Report
file.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious |
| C:\Users\user\AppData\Local\TechMind360 Innovations Co\L | data | dropped | malicious |
| C:\Users\user\AppData\Local\TechMind360 Innovations Co\MindTechPro360.js | ASCII text, with no line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\TechMind360 Innovations Co\MindTechPro360.pif | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\812297\Shopzilla.pif | PE32 executable (GUI) Intel 80386, for MS Windows | modified | malicious |
| C:\Users\user\AppData\Local\Temp\812297\g | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Acoustic | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Almost | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Bb | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Bee | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Do | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Dot | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Extreme | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Gnome | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Praise | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Predict | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Random | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Ready | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Sandra | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Shannon | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\Wright | data | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\After | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Anticipated | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Anyone | ASCII text, with very long lines (1797), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Anyone.cmd | ASCII text, with very long lines (1797), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Blessed | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Cargo | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Chase | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Commercial | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Complicated | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Continental | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Cunt | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Dominant | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Essential | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Expenses | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Halloween | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Hdtv | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Janet | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Melissa | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Opposite | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Petersburg | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Prisoners | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Purchasing | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Silk | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Stadium | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Stands | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Success | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Textile | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Tolerance | data | dropped | |
| C:\Users\user\AppData\Local\Temp\nsb6504.tmp | data | dropped | |
There are 40 hidden files.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c copy Anyone Anyone.cmd & Anyone.cmd | malicious |
| C:\Windows\SysWOW64\findstr.exe | findstr /I "wrsa.exe opssvc.exe" | malicious |
| C:\Windows\SysWOW64\findstr.exe | findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" | malicious |
| C:\Windows\SysWOW64\cmd.exe | cmd /c md 812297 | malicious |