IOCReport

C:\ProgramData\300337377349991\_3003373773.zip

Zip archive data, at least v2.0 to extract

dropped

C:\ProgramData\300337377349991\cookies\Google Chrome_Default.txt

ASCII text, with CRLF line terminators

dropped

C:\ProgramData\300337377349991\screenshot.jpg

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3

dropped

C:\ProgramData\300337377349991\system.txt

ISO-8859 text, with CRLF line terminators

dropped

C:\ProgramData\300337377349991\temp

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\SysWOW64\cmd.exe

'C:\Windows\System32\cmd.exe' /c taskkill /pid 1124 & erase C:\Users\user\Desktop\New Order PO2193570O1.pdf.exe & RD /S /Q C:\\ProgramData\\300337377349991\\* & exit

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\taskkill.exe

taskkill /pid 1124

3140000

heap private

page read and write

3130000

unkown

page readonly

460000

unkown

page readonly

437000

unkown image

page readonly

42F000

unkown image

page readonly

26F0000

unkown

page read and write

7FF5C12AC000

unkown

page readonly