IOC Report
svc2.exe


Files

File Path | Type | Category | Malicious
svc2.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Roaming\hbasjiu | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Roaming\hbasjiu:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\svc2.exe | "C:\Users\user\Desktop\svc2.exe" | malicious
C:\Windows\explorer.exe | C:\Windows\Explorer.EXE | malicious
C:\Users\user\AppData\Roaming\hbasjiu | C:\Users\user\AppData\Roaming\hbasjiu | malicious
C:\Users\user\AppData\Roaming\hbasjiu | C:\Users\user\AppData\Roaming\hbasjiu | malicious

URLs

Name | IP | Malicious
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua | unknown |
https://www.msn.com/en-us/news/world/a-second-war-could-easily-erupt-in-europe-while-everyone-s-dist | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV | unknown |
https://wns.windows.com/bat | unknown |
https://www.stacker.com/arizona/phoenix | unknown |
https://api.msn.com:443/v1/news/Feed/Windows? | unknown |
http://constractionscity1991.lat/ | |
https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/ | unknown |
https://www.starsinsider.com/n/154870?utm_source=msn.com&utm_medium=display&utm_campaign=referral_de | unknown |
https://excel.office.com | unknown |
http://schemas.micro | unknown |
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg | unknown |
https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in- | unknown |
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp( | unknown |
https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri | unknown |
https://parade.com/61481/toriavey/where-did-hamburgers-originate | unknown |
https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch- | unknown |
https://api.msn.com/~T | unknown |
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb | unknown |
https://android.notify.windows.com/iOSp | unknown |
https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal | unknown |
https://api.msn.com/v1/news/Feed/Windows?activityId=A1668CA4549A443399161CE8D2237D12&timeOut=5000&oc | unknown |
https://www.msn.com/en-us/foodanddrink/foodnews/the-best-burger-place-in-phoenix-plus-see-the-rest-o | unknown |
https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o | unknown |
https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09 | unknown |
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi | unknown |
http://www.autoitscript.com/autoit3/J | unknown |
https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al | unknown |
http://connecticutproperty.ru/ | |
https://word.office.com | unknown |
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv | unknown |
http://schemas.micros | unknown |
https://android.notify.windows.com/iOSJM | unknown |
https://powerpoint.office.com | unknown |
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8-dark | unknown |
https://www.msn.com/en-us/news/world/england-considers-raising-smoking-age-until-cigarettes-are-bann | unknown |
https://outlook.com | unknown |
https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA | unknown |
https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c | unknown |
https://android.notify.windows.com/iOSZM | unknown |
https://www.msn.com/en-us/news/politics/trump-whines-to-cameras-in-ny-fraud-case-before-fleeing-to-f | unknown |
https://www.msn.com/en-us/money/companies/kaiser-permanente-and-unions-for-75-000-striking-health-wo | unknown |
https://android.notify.windows.com/iOS | unknown |
https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation | unknown |
https://www.yelp.com | unknown |
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8 | unknown |
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg | unknown |
http://restructurisationservice.ru/ | |
https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its- | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark | unknown |
https://www.msn.com:443/en-us/feed | unknown |
https://www.msn.com/en-us/news/world/nobel-prize-in-literature-to-be-announced-in-stockholm/ar-AA1hI | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark | unknown |
https://www.msn.com/en-us/weather/topstories/accuweather-el-ni | unknown |
https://api.msn.com/v1/news/Feed/Windows?z$ | unknown |
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv-dark | unknown |

Domains

Name | IP | Malicious
restructurisationservice.ru | 94.156.177.72 |
connecticutproperty.ru | 2.59.163.71 |
constractionscity1991.lat | unknown |

IPs

IP | Domain | Country | Malicious
2.59.163.71 | connecticutproperty.ru | Russian Federation |
94.156.177.72 | restructurisationservice.ru | Bulgaria |