IOCReport


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| sample.exe.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Network\Downloader\edb.chk | data | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0x29e27591, page size 16384, DirtyShutdown, Windows version 10.0 | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CCFEED7EF3CD3BBD21329435542A98D2_9C2DDAC79C917837883918D6BB58BE90 | data | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CCFEED7EF3CD3BBD21329435542A98D2_9C2DDAC79C917837883918D6BB58BE90 | data | dropped | clean |
| C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl | data | dropped | clean |
| C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl | data | dropped | clean |
| C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl | data | dropped | clean |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | dropped | clean |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | data | modified | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\sample.exe.exe | 'C:\Users\user\Desktop\sample.exe.exe' | malicious |
| C:\Users\user\Desktop\sample.exe.exe | C:\Users\user\Desktop\sample.exe.exe | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious |
| C:\Windows\SysWOW64\videowlan.exe | C:\Windows\SysWOW64\videowlan.exe | malicious |
| C:\Windows\SysWOW64\videowlan.exe | C:\Windows\SysWOW64\videowlan.exe | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k unistacksvcgroup | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs -p -s wisvc | malicious |
| C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | clean |
| C:\Program Files\Windows Defender\MpCmdRun.exe | 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable | clean |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://schemas.mi | unknown | clean |
| http://schemas.xmlsoap.org/ws/2005/02/scicy | unknown | clean |
| https://dev.ditu.live.com/REST/v1/Routes/ | unknown | clean |
| https://dev.virtualearth.net/REST/v1/Routes/Driving | unknown | clean |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | unknown | clean |
| https://corp.roblox.com/contact/ | unknown | clean |
| https://t0.tiles.ditu.live.com/tiles/gen | unknown | clean |
| http://docs.oasis-open.o0 | unknown | clean |
| http://schemas.xmlsoap.org/ws/2005/02/scr | unknown | clean |
| https://dev.virtualearth.net/REST/v1/Routes/Walking | unknown | clean |
| https://79.172.249.82:443/ | 79.172.249.82 | clean |
| https://login.live.ppsecure | unknown | clean |
| http://schemas.xmlsoap.org/ws/2005/02/trust | unknown | clean |
| https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= | unknown | clean |
| http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd/Encr | unknown | clean |
| http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID | unknown | clean |
| https://www.hulu.com/ca-privacy-rights | unknown | clean |
| http://Passport.NET/tbpose | unknown | clean |
| https://dev.ditu.live.com/mapcontrol/logging.ashx | unknown | clean |
| https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | unknown | clean |
| https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry= | unknown | clean |
| https://178.62.39.238:443/ | 178.62.39.238 | clean |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | unknown | clean |
| http://www.g5e.com/G5_End_User_License_Supplemental_Terms | unknown | clean |
| http://www.w3. | unknown | clean |