IOCReport


Files

File Path | Type | Category | Verdict
v8iFmF7XPp.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | initial sample | malicious
C:\Windows\SysWOW64\Qfjc\jklaa.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | dropped | clean
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0x4557a750, page size 16384, DirtyShutdown, Windows version 10.0 | dropped | clean
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped | clean
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl | data | dropped | clean
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl | data | dropped | clean
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl | data | dropped | clean
C:\Users\user\AppData\Local\Temp\UPDE009.tmp | data | dropped | clean
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | dropped | clean

Processes

Path | Cmdline | Verdict
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\v8iFmF7XPp.dll,RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe 'C:\Users\user\Desktop\v8iFmF7XPp.dll',#1 | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Qfjc\jojcnj.tmq',RunDLL | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService | malicious
C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc | malicious
C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k unistacksvcgroup | malicious
C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | malicious
C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\Qfjc\jklaa.dll',RunDLL 1AIAACAAAABRAGYAagBjAFwAagBvAGoAYwBuAGoALgB0AG0AcQAAAA== | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Qfjc\jojcnj.tmq',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Ctxuywd\wutukq.pfb',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Vzwiovrtengiv\kqvcktqgbfib.iqj',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Uxwmb\jkpj.zgu',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Vtvnv\rgao.stw',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Tduzowfuyye\kwrnkagaoo.gjy',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Acjeqx\suoth.uea',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Vsbshgerbjleuww\jcxjttitojfdgx.izj',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Sxwlvdjt\gtruoro.fuy',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Vvrwkvknxaabriyw\pmfojithdcmeryt.srg',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Niikduolbedqywld\lkcbagravqkrfqh.nmi',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Zoyzltjfgemqhsmn\vnkfptckelbvwlk.boa',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Livoial\pcccws.vji',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Iazkdtsnhfgqyu\kqzarazxjjgtp.ohz',Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Qrtvgntlq\jkzevdis.pdj',Control_RunDLL | malicious
C:\Windows\System32\loaddll32.exe | loaddll32.exe 'C:\Users\user\Desktop\v8iFmF7XPp.dll' | clean
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\v8iFmF7XPp.dll',#1 | clean
C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | clean
22 further processes are omitted from this export.
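The process table repeats one pattern: 32-bit rundll32 loading a file with a non-DLL extension (.tmq, .pfb, .iqj, ...) from a freshly created subdirectory of SysWOW64 through the RunDLL or Control_RunDLL export, and one invocation that passes a base64 blob as a trailing argument. Two details are worth checking by hand. First, the path 'C:\Windows\System32\Qfjc\jklaa.dll' in that line is the same file the file table lists under SysWOW64: a 32-bit rundll32 runs under WOW64 file-system redirection, so System32 in its view is SysWOW64 on disk. Second, the base64 blob decodes to a little-endian DWORD (0x2D4, meaning unknown), a DWORD byte length (0x20) and a NUL-terminated UTF-16LE string "Qfjc\jojcnj.tmq", i.e. the relative path of the renamed dropped file that the later rundll32 lines load. The script below is an added example, not part of the sandbox report or any vendor tooling; it assumes that blob layout, which is inferred from this single sample, and the two benign command lines in its sample input are constructed so the checks have something to ignore.

```python
import base64
import re
import struct
from typing import NamedTuple, Optional

# Constructed sample: rundll32 command lines copied from the process table above,
# plus two benign invocations (made up for this example) that the checks must ignore.
SAMPLE_CMDLINES = [
    "rundll32.exe C:\\Users\\user\\Desktop\\v8iFmF7XPp.dll,RunDLL",
    "C:\\Windows\\SysWOW64\\rundll32.exe 'C:\\Windows\\SysWOW64\\Qfjc\\jojcnj.tmq',RunDLL",
    "C:\\Windows\\SysWOW64\\rundll32.exe 'C:\\Windows\\System32\\Qfjc\\jklaa.dll',RunDLL "
    "1AIAACAAAABRAGYAagBjAFwAagBvAGoAYwBuAGoALgB0AG0AcQAAAA==",
    "C:\\Windows\\SysWOW64\\rundll32.exe 'C:\\Windows\\SysWOW64\\Ctxuywd\\wutukq.pfb',Control_RunDLL",
    "C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL",  # benign, constructed
    "C:\\Windows\\System32\\rundll32.exe user32.dll,LockWorkStation",                        # benign, constructed
]

# host binary, optionally quoted module path, export name (or #ordinal), optional trailing argument
RUNDLL32_RE = re.compile(
    r"""(?P<host>\S*rundll32(?:\.exe)?)\s+['"]?(?P<module>[^'",]+)['"]?\s*,\s*(?P<export>[#\w]+)(?:\s+(?P<arg>\S+))?""",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    cmdline: str
    module: str
    export: str
    reasons: tuple


def decode_length_prefixed_utf16(b64: str) -> Optional[str]:
    """Decode the trailing rundll32 argument seen in the report.

    Assumed layout (inferred from this one sample): a little-endian DWORD of
    unknown meaning, a DWORD byte length, then a NUL-terminated UTF-16LE string
    of exactly that length. Returns None for anything that does not fit.
    """
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 8:
        return None
    _unknown, byte_len = struct.unpack_from("<II", raw, 0)
    body = raw[8:8 + byte_len]
    if len(body) != byte_len or byte_len % 2 or not body.endswith(b"\x00\x00"):
        return None
    return body[:-2].decode("utf-16-le")


def normalise_wow64(host: str, module: str) -> str:
    """A 32-bit rundll32 runs under WOW64 file-system redirection, so a path it
    spells as C:\\Windows\\System32\\... is C:\\Windows\\SysWOW64\\... on disk.
    Rewrite it so it matches what the file table records."""
    if host.lower().startswith("c:\\windows\\syswow64\\"):
        prefix = "c:\\windows\\system32\\"
        if module.lower().startswith(prefix):
            return "C:\\Windows\\SysWOW64\\" + module[len(prefix):]
    return module


def assess(cmdline: str) -> Optional[Finding]:
    """Return a Finding for a rundll32 command line (empty reasons means nothing
    odd was seen), or None if the line is not a rundll32 invocation."""
    m = RUNDLL32_RE.search(cmdline)
    if not m:
        return None
    module = normalise_wow64(m.group("host"), m.group("module"))
    reasons = []

    filename = module.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ("dll", "cpl", "ocx"):
        reasons.append(f"module has non-DLL extension .{ext}")

    # Legitimate Control_RunDLL targets live directly in System32/SysWOW64,
    # not in a subdirectory created alongside them.
    parts = module.split("\\")
    if len(parts) == 5 and [p.lower() for p in parts[:3]] == ["c:", "windows", "syswow64"]:
        reasons.append("module sits in a SysWOW64 subdirectory (" + parts[3] + ")")
    if module.lower().startswith("c:\\users\\"):
        reasons.append("module loaded from a user profile")

    arg = m.group("arg")
    decoded = decode_length_prefixed_utf16(arg) if arg else None
    if decoded is not None:
        reasons.append(f"trailing base64 argument decodes to {decoded!r}")

    return Finding(cmdline, module, m.group("export"), tuple(reasons))


def scan(cmdlines) -> list:
    """Findings with at least one reason, in input order."""
    out = []
    for line in cmdlines:
        f = assess(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in scan(SAMPLE_CMDLINES):
        print(f"{f.module} [{f.export}]")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample list, the four rundll32 lines taken from the report each produce at least one reason and the two constructed benign lines produce none. The extension and subdirectory checks are the ones that transfer to other hosts; the base64 decoder is specific to the argument shape seen here and should be treated as a hypothesis until confirmed on more samples.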

URLs

URL | IP | Verdict
https://167.71.148.58:443/fevfu215h/qkkg/exml9v/txegp7e76u/ | 167.71.148.58 | malicious