IOC Report


Files

File Path | Type | Category | Malicious
qT9Qk5aKTk.dll | MS-DOS executable, MZ for MS-DOS | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_02ccbfde\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_199c0d18\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FE.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA873.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Sep 10 18:12:32 2021, 0x1205a4 type | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF86.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC69C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2EE.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Sep 10 18:12:48 2021, 0x1205a4 type | dropped | clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFDB.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IUHEMSR9\contextual.media[1].xml | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\T8DRMTJ1\www.msn[2].xml | ASCII text, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86DBC09F-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{86DBC0A1-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D3DD69F-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D3DD6A1-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE5F60-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE5F62-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3BACA1A-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3BACA1C-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BC00BC63-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BC00BC65-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2038910-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2038912-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | modified | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CB1F148B-1262-11EC-90E6-ECF4BB82F7E0}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat | data | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\4996b9[1].woff | Web Open Font Format, TrueType, length 45633, version 1.0 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOfsCY[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgI04[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgIQG[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgJ6C[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgLtL[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgbmq[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgg4w[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOggwL[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\AAOgkHA[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB14EN7h[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB14hq0P[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1aXBV1[1].png | PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1cG73h[1].png | PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1ftEY0[1].png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB7hjL[1].png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BBY7ARN[1].png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BBkwUr[1].png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\NewErrorPageTemplate[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\a5ea21[1].ico | PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\aMt[1].avi | data | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\checksync[3].htm | HTML document, ASCII text, with very long lines | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\checksync[4].htm | HTML document, ASCII text, with very long lines | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\checksync[5].htm | HTML document, ASCII text, with very long lines | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\de-ch[2].json | UTF-8 Unicode text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\dnserror[1] | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\down[1] | PNG image data, 15 x 15, 8-bit colormap, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\tag[1].js | ASCII text, with very long lines | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAKFpl8[1].png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AAKp8YX[1].png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\AANT3y4[1].jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3 | modified | clean
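The file list is exported one field per line, and most of it is browser-cache noise around three things an analyst actually cares about: the initial sample, the Windows Error Reporting artifacts showing that rundll32.exe crashed, and the minidumps. The Python script below is an added example, not part of this report or of the sandbox's own tooling. It parses the flattened four-field layout, buckets each entry as sample, WER crash artifact or browser noise, recovers the crashing process name from the WER ReportQueue folder name (here rundll32.exe, the process named in the AppCrash folders above), and pulls the dump timestamp out of the libmagic-style type string. The bucket names, the regular expressions and the helper names are this example's own assumptions; SAMPLE_TABLE is a constructed excerpt copied from rows of this report.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed excerpt: six rows copied from the report above, in the same
# one-field-per-line layout (header, then path / type / category / malicious).
SAMPLE_TABLE = r"""
File Path
Type
Category
Malicious
qT9Qk5aKTk.dll
MS-DOS executable, MZ for MS-DOS
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_02ccbfde\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
clean
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_199c0d18\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
clean
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA873.tmp.dmp
Mini DuMP crash report, 15 streams, Fri Sep 10 18:12:32 2021, 0x1205a4 type
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C2038912-1262-11EC-90E6-ECF4BB82F7E0}.dat
Microsoft Word Document
modified
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\tag[1].js
ASCII text, with very long lines
dropped
clean
"""

HEADER = ["File Path", "Type", "Category", "Malicious"]


@dataclass(frozen=True)
class FileRecord:
    path: str
    ftype: str
    category: str
    malicious: bool


def parse_flat_table(text: str) -> list[FileRecord]:
    """Group the flattened export (one field per line) into 4-field records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines[:4] != HEADER:
        raise ValueError(f"unexpected header: {lines[:4]}")
    body = lines[4:]
    if len(body) % 4:
        raise ValueError(f"{len(body)} field lines is not a multiple of 4")
    return [
        FileRecord(body[i], body[i + 1], body[i + 2], body[i + 3].lower() == "malicious")
        for i in range(0, len(body), 4)
    ]


# WER ReportQueue folders are named <EventType>_<process>_<hex>_<hex>_<hex>.
# A process name may itself contain underscores, so the three trailing hex
# fields anchor the match instead of a naive split on '_' (assumed layout).
WER_REPORT_RE = re.compile(
    r"\\WER\\ReportQueue\\(?P<event>[A-Za-z0-9]+)_(?P<process>.+?)"
    r"_[0-9a-f]+_[0-9a-f]+_[0-9a-f]+\\",
    re.IGNORECASE,
)

# libmagic's minidump description embeds the dump's ctime-style timestamp.
MINIDUMP_RE = re.compile(
    r"^Mini DuMP crash report, (?P<streams>\d+) streams, "
    r"(?P<ts>[A-Za-z]{3} [A-Za-z]{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
)


def classify(rec: FileRecord) -> str:
    """Coarse triage bucket; the bucket names are this example's own."""
    p = rec.path.lower()
    if rec.category == "initial sample":
        return "sample"
    if "\\microsoft\\windows\\wer\\" in p:
        return "wer-crash-artifact"
    if "\\internet explorer\\" in p or "\\inetcache\\" in p:
        return "browser-noise"
    return "other"


def summarize(records: list[FileRecord]) -> dict[str, int]:
    return dict(Counter(classify(r) for r in records))


def crashed_processes(records: list[FileRecord]) -> list[str]:
    """Distinct process names from WER AppCrash report folders."""
    names = set()
    for r in records:
        m = WER_REPORT_RE.search(r.path)
        if m and m.group("event").lower() == "appcrash":
            names.add(m.group("process"))
    return sorted(names)


def dump_timestamps(records: list[FileRecord]) -> list[str]:
    """ISO-8601 timestamps of minidumps as reported in the type column
    (strptime with %a/%b assumes an English/C locale)."""
    out = []
    for r in records:
        m = MINIDUMP_RE.match(r.ftype)
        if m:
            out.append(datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y").isoformat())
    return out


RECORDS = parse_flat_table(SAMPLE_TABLE)

if __name__ == "__main__":
    print("malicious:", [r.path for r in RECORDS if r.malicious])
    print("crashed:  ", crashed_processes(RECORDS))
    print("dumps at: ", dump_timestamps(RECORDS))
    print("buckets:  ", summarize(RECORDS))
```

Running it against the full table rather than the excerpt only changes the bucket counts; the two signals worth carrying into a report stay the same: a single malicious file, and AppCrash reports plus two minidumps for rundll32.exe within sixteen seconds of each other, which is the evidence that the DLL was loaded and faulted rather than silently doing nothing.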