IOC Report
gI5xZdIxUs.exe

loading gif

Files

File Path
Type
Category
Malicious
gI5xZdIxUs.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\gI5xZdIxUs.exe
"C:\Users\user\Desktop\gI5xZdIxUs.exe"
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
malicious
C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe
"C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe"
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns2.soprodns.ru
malicious
C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe
"C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe"
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns2.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.coin dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup nomoreransom.bit dns1.soprodns.ru
malicious
C:\Windows\SysWOW64\nslookup.exe
nslookup gandcrab.bit dns2.soprodns.ru
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1