IOC Report
eW1QrimJYd.exe

loading gif

Files

File Path
Type
Category
Malicious
eW1QrimJYd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a
data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\eW1QrimJYd.exe
"C:\Users\user\Desktop\eW1QrimJYd.exe"
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe
"C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe"
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe
"C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe"
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
 malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup emsisoft.bit dns1.soprodns.ru
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1