IOCReport

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 1wOdXavtlE.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\ProgramData\Immunity\is-2SOD7.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\Immunity\is-4BBH3.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\is-PFD3D.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\ProgramData\is-R3F67.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1wOdXavtlE.exe.log | ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\servs.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\ssevs.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\sssevs.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Windows \System32\PasswordOnWakeSettingFlyout.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\ProgramData\Immunity\CertMgry\is-I14BP.tmp | data | dropped | clean |
| C:\ProgramData\Immunity\CertMgry\is-OTUTI.tmp | PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows | dropped | clean |
| C:\ProgramData\Immunity\is-02I40.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\ProgramData\Immunity\is-15GML.tmp | Windows Registry text (Win95 or above) | dropped | clean |
| C:\ProgramData\Immunity\is-1J28N.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\ProgramData\Immunity\is-3JG13.tmp | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | dropped | clean |
| C:\ProgramData\Immunity\is-7MAR4.tmp | ASCII text, with CRLF line terminators | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage user DataBase, version 0x620, checksum 0x7f0a05a2, page size 16384, DirtyShutdown, Windows version 10.0 | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped | clean |
| C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 8 17:01:40 2021, mtime=Thu Apr 8 17:01:40 2021, atime=Fri Jan 15 04:01:28 2021, length=365, window=hide | dropped | clean |
| C:\ProgramData\Remote Manipulator System\install.log | ASCII text, with CRLF line terminators | dropped | clean |
| C:\ProgramData\is-7TDOG.tmp | ASCII text, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ssevs.exe.log | ASCII text, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\sssevs.exe.log | ASCII text, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{671D4562-9894-11EB-90E5-ECF4BB2D2496}.dat | Microsoft Word Document | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{671D4564-9894-11EB-90E5-ECF4BB2D2496}.dat | Microsoft Word Document | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D8CBC47-9894-11EB-90E5-ECF4BB2D2496}.dat | Microsoft Word Document | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat | data | modified | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1tMzh7[1].png | PNG image data, 1 x 1, 1-bit colormap, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\1tncg7[1].png | PNG image data, 1 x 1, 1-bit colormap, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\favicon[1].ico | MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel | downloaded | clean |
| C:\Users\user\AppData\Local\Temp\is-5B1U4.tmp\servs.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Temp\is-97L06.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Temp\is-QEDPC.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2837.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2838.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2A7.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2A8.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2A9.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2AA.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2AB.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\tmp2AC.tmp | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |