IOCReport


Files

| File Path | Type | Category | Verdict |
|---|---|---|---|
| 6P61y0u6Nn.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Program Files\Common Files\system\E59A6148\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Program Files\Common Files\system\E59A6148\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ADA33B7.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ADA33B7.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | malicious |
| C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage user DataBase, version 0x620, checksum 0xb5c8843e, page size 16384, DirtyShutdown, Windows version 10.0 | dropped | clean |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | clean |
| C:\Users\user\AppData\Local\Temp\114ecffd-3c3d-4852-9b52-9e435e4d4550\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Temp\114ecffd-3c3d-4852-9b52-9e435e4d4550\test.bat | ASCII text, with very long lines, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Temp\743d8702-3ca1-4afe-8f7c-4f95be21c963\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Temp\743d8702-3ca1-4afe-8f7c-4f95be21c963\test.bat | ASCII text, with very long lines, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Temp\79402708-a4e5-478e-aa5f-5322f2c0e4b7\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Temp\79402708-a4e5-478e-aa5f-5322f2c0e4b7\test.bat | ASCII text, with very long lines, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vq4c30n.hre.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fhtvdiy.ks4.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_53g0o2y2.5iz.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5cymq2wv.eqf.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bakq5gb0.q3f.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_butynpy2.fhn.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvydw1mq.uvm.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h5mblyo5.hbx.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ichx54v4.s1k.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iyamx0do.zt4.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jddt5hq2.czv.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jna5bssn.ldi.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jpezsbnz.1f0.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lbdjttyt.kg4.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nd4is0gq.rfd.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndk5muty.fik.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_npy3ftdb.oi1.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_psd5o1gf.32i.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptyzf23y.xc5.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qxn55ua0.cnh.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqobtuj1.jfs.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rxw1d434.kcs.psm1 | very short file (no magic) | modified | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_soufzxk1.qev.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sssd5d50.ed0.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tdifzaeb.1nw.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_te20ts3b.dv2.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uumxibsd.qrp.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbtwqko3.baj.ps1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z2dsoebv.o3s.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvmxazb3.r4v.psm1 | very short file (no magic) | dropped | clean |
| C:\Users\user\AppData\Local\Temp\a6bde2fa-d937-4133-8635-97d75b194940\AdvancedRun.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
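The table above is a list of file artifacts, not a hunt procedure, so the following PowerShell script is an added example (not part of the sandbox report) that turns those artifacts into host checks: an svchost.exe outside System32/SysWOW64 under Common Files\system, an executable in a user's Startup folder, NirSoft's AdvancedRun.exe paired with a test.bat in a GUID-named Temp folder, and a Zone.Identifier stream on any hit. The hex-name pattern (from E59A6148 and 7ADA33B7) and the GUID-folder pattern (from the Temp directory names) are assumptions that generalise the specific names in this report; the __PSScriptPolicyTest_* files are written by PowerShell's own script-policy probe and are deliberately ignored as noise. Run it elevated to see other users' profiles.

```powershell
# Added host-hunt example, not code from the sandbox report.
# Assumptions: 8-hex-character names and GUID folder names are treated as the
# dropper's naming pattern, generalised from the names listed in the report.
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Reason, [string]$Path)
    $hash = $null
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
    $findings.Add([pscustomobject]@{ Reason = $Reason; Path = $Path; SHA256 = $hash; ZoneId = $null })
}

# 1. svchost.exe under "Common Files\system\<dir>". The legitimate binary lives in
#    System32/SysWOW64; any copy here is a masquerade by name.
$commonSys = Join-Path ${env:CommonProgramFiles} 'system'
if (Test-Path -LiteralPath $commonSys) {
    Get-ChildItem -LiteralPath $commonSys -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $candidate = Join-Path $_.FullName 'svchost.exe'
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            Add-Finding 'svchost.exe outside System32 (name masquerade)' $candidate
        }
    }
}

# 2. Executables in any user's Startup folder (persistence). The hex-name filter
#    is the assumed pattern; drop the Where-Object to list every Startup .exe.
Get-ChildItem -Path 'C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe' -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^[0-9A-Fa-f]{8}$' } |
    ForEach-Object { Add-Finding 'hex-named executable in Startup folder (persistence)' $_.FullName }

# 3. GUID-named Temp folders holding AdvancedRun.exe next to test.bat. The report
#    does not say what test.bat does, so the first lines are printed, not interpreted.
Get-ChildItem -Path 'C:\Users\*\AppData\Local\Temp' -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$' } |
    ForEach-Object {
        $run = Join-Path $_.FullName 'AdvancedRun.exe'
        $bat = Join-Path $_.FullName 'test.bat'
        if ((Test-Path -LiteralPath $run -PathType Leaf) -and (Test-Path -LiteralPath $bat -PathType Leaf)) {
            Add-Finding 'AdvancedRun.exe + test.bat in GUID-named Temp folder' $run
            Get-Content -LiteralPath $bat -TotalCount 5 | ForEach-Object { Write-Host "    test.bat: $_" }
        }
    }

# 4. Zone.Identifier alternate data stream on each hit (the report shows the stream
#    being dropped or modified alongside the malicious executables).
foreach ($f in $findings.ToArray()) {
    if ($f.Path -and (Test-Path -LiteralPath $f.Path -PathType Leaf)) {
        $ads = Get-Item -LiteralPath $f.Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if ($ads) {
            $zone = Get-Content -LiteralPath $f.Path -Stream 'Zone.Identifier' -Raw
            $f.ZoneId = ($zone -replace '\r?\n', ' ').Trim()
        }
    }
}

if ($findings.Count -eq 0) { Write-Host 'No artifacts from this report found.' }
$findings | Format-Table -AutoSize
```

The Zone.Identifier stream normally carries the ZoneId and, on newer Windows builds, ReferrerUrl/HostUrl values, so a hit with a populated ZoneId column tells you where the dropped file was marked as coming from, which is worth recording before the file is quarantined.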