IOC Report

Files

File Path | Type | Category | Verdict
g4FtSOZMD9.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\Brevsamlingssteds8\Restroke.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\Brevsamlingssteds8\Restroke.vbs | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Temp\bhvFAB7.tmp | Extensible storage user DataBase, version 0x620, checksum 0x1277828c, page size 32768, DirtyShutdown, Windows version 10.0 | dropped | clean
C:\Users\user\AppData\Local\Temp\iwxzjjveuvjtvtlo | Little-endian UTF-16 Unicode text, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFF48BD71CF1E747D1.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean
C:\Users\user\AppData\Roaming\Clock\logs.dat | data | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_022802.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_023804.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_024805.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_025806.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_030807.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_031808.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_032809.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_033810.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_034810.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_035812.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_040812.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_041814.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_042814.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_043815.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_044815.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_045816.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_050816.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Roaming\Screenshots\time_20220102_051818.png | PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced | dropped | clean
15 additional dropped files are not included in this export.
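Two things in the Files table are easy to miss when reading the verdict column alone: the screenshot PNGs and Roaming\Clock\logs.dat are rated "clean" because their contents are benign, yet their existence in those paths is the behavioural artifact a responder should hunt for; and the screenshot file names carry timestamps that reveal a capture schedule. The following is an added example, not part of the report, that turns the table into path-matching rules and measures the screenshot cadence. The rules generalise the user name and the random Temp sub-directory (an assumption: only the structure is treated as stable), and the benign path in the usage is constructed for illustration.

```python
import re
from datetime import datetime

# Screenshot timestamps copied from the report's Files table (all 18 entries).
SCREENSHOT_STAMPS = [
    "20220102_022802", "20220102_023804", "20220102_024805", "20220102_025806",
    "20220102_030807", "20220102_031808", "20220102_032809", "20220102_033810",
    "20220102_034810", "20220102_035812", "20220102_040812", "20220102_041814",
    "20220102_042814", "20220102_043815", "20220102_044815", "20220102_045816",
    "20220102_050816", "20220102_051818",
]
SCREENSHOT_PATHS = [
    rf"C:\Users\user\AppData\Roaming\Screenshots\time_{s}.png" for s in SCREENSHOT_STAMPS
]

# Path rules generalised from the table. Assumption: the user name, the random
# Temp sub-directory name and the random dump file name vary per infection;
# the directory layout and fixed file names do not.
FILE_RULES = {
    "screenshot_capture": re.compile(
        r"\\AppData\\Roaming\\Screenshots\\time_\d{8}_\d{6}\.png$", re.I),
    "clock_logs_dat": re.compile(
        r"\\AppData\\Roaming\\Clock\\logs\.dat$", re.I),
    "restroke_dropper": re.compile(
        r"\\AppData\\Local\\Temp\\[^\\]+\\Restroke\.(exe|vbs)$", re.I),
    # Extension-less, all-lowercase name in %TEMP%, as written by the
    # "/stext" command lines in the Processes section (observed 16-22 chars;
    # the 12-32 range is an assumption).
    "stext_dump": re.compile(r"\\AppData\\Local\\Temp\\[a-z]{12,32}$"),
}

STAMP_RE = re.compile(r"time_(\d{8}_\d{6})\.png$", re.I)


def classify_path(path):
    """Return the names of every FILE_RULES entry that matches `path`."""
    return sorted(name for name, rx in FILE_RULES.items() if rx.search(path))


def screenshot_cadence(paths):
    """Parse capture timestamps out of screenshot file names and report the
    number of captures and the shortest/longest gap between consecutive ones."""
    stamps = []
    for p in paths:
        m = STAMP_RE.search(p)
        if m:
            stamps.append(datetime.strptime(m.group(1), "%Y%m%d_%H%M%S"))
    stamps.sort()
    gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
    if not gaps:
        return {"count": len(stamps), "min_gap_s": None, "max_gap_s": None}
    return {"count": len(stamps), "min_gap_s": min(gaps), "max_gap_s": max(gaps)}


if __name__ == "__main__":
    # Constructed file-create events: the report's paths plus one benign path.
    for p in SCREENSHOT_PATHS[:2] + [
        r"C:\Users\user\AppData\Local\Temp\Brevsamlingssteds8\Restroke.vbs",
        r"C:\Users\user\AppData\Local\Temp\iwxzjjveuvjtvtlo",
        r"C:\Users\user\Desktop\notes.txt",
    ]:
        print(classify_path(p) or "-", p)
    print(screenshot_cadence(SCREENSHOT_PATHS))
```

Running the cadence function over the 18 listed screenshots shows a gap of 600 to 602 seconds between captures, i.e. a fixed ten-minute timer rather than event-driven capture, which is a useful detail when estimating how long a host was monitored from the number of PNGs found on disk.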

Processes

Path | Cmdline | Verdict
C:\Users\user\Desktop\g4FtSOZMD9.exe | "C:\Users\user\Desktop\g4FtSOZMD9.exe" | malicious
C:\Users\user\Desktop\g4FtSOZMD9.exe | "C:\Users\user\Desktop\g4FtSOZMD9.exe" | malicious
C:\Windows\SysWOW64\svchost.exe | C:\Windows\SysWOW64\svchost.exe | malicious
C:\Users\user\Desktop\g4FtSOZMD9.exe | C:\Users\user\Desktop\g4FtSOZMD9.exe /stext "C:\Users\user\AppData\Local\Temp\iwxzjjveuvjtvtlo" | malicious
C:\Users\user\Desktop\g4FtSOZMD9.exe | C:\Users\user\Desktop\g4FtSOZMD9.exe /stext "C:\Users\user\AppData\Local\Temp\srdskbfyidbgfzzawoj" | malicious
C:\Users\user\Desktop\g4FtSOZMD9.exe | C:\Users\user\Desktop\g4FtSOZMD9.exe /stext "C:\Users\user\AppData\Local\Temp\vtilcuqzwmtlifvenyefmr" | malicious

URLs

Name | IP | Verdict
nhtaxfilling.ddnsgeek.com | | malicious
http://147.189.137.168/1040_RyQoPlW98.bin | 147.189.137.168 | malicious
http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate | unknown | clean
https://www.google.com/chrome/static/images/folder-applications.svg | unknown | clean
http://www.imvu.comr | unknown | clean
https://www.google.com/chrome/static/css/main.v2.min.css | unknown | clean
https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg | unknown | clean
http://www.msn.com | unknown | clean
https://deff.nelreports.net/api/report?cat=msn | unknown | clean
http://google.com/chrome | unknown | clean
https://contextual.media.net/__media__/js/util/nrrV9140.js | unknown | clean
https://www.google.com/chrome/static/images/chrome-logo.svg | unknown | clean
https://www.google.com/chrome/static/images/homepage/homepage_features.png | unknown | clean
https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meCore.min.js | unknown | clean
https://www.google.com/chrome/static/images/download-browser/big_pixel_phone.png | unknown | clean
https://www.google.com/chrome/ | unknown | clean
https://www.google.com | unknown | clean
http://images.outbrainimg.com/transform/v3/eyJpdSI6Ijk4OGQ1ZDgwMWE2ODQ2NDNkM2ZkMmYyMGEwOTgwMWQ3MDE2Z | unknown | clean
https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0f | unknown | clean
https://www.google.com/chrome/static/images/homepage/hero-anim-bottom-left.png | unknown