IOC Report
#U0417#U0430#U043f#U0438#U0442 #U0421#U0411#U0423.rar

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| #U0417#U0430#U043f#U0438#U0442 #U0421#U0411#U0423.rar | RAR archive data, v5 | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\185027\Spy.pif | PE32 executable (GUI) Intel 80386, for MS Windows | modified | malicious |
| C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url | MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" >), ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\NanoSec Cryptographics\o (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Temp\185027\H | data | dropped | |
| C:\Users\user\AppData\Local\Temp\7zO099FD947\??? ??????? 937463543.txt | Unicode text, UTF-8 text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\7zO099FD947\??? ??????? 937463543.txt:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Already | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Determined | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Finnish | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Hint | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Martin | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Organizing | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Presentations | data | modified | |
| C:\Users\user\AppData\Local\Temp\Tim | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Tournaments | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Yes.bat | ASCII text, with very long lines (579), with CRLF line terminators | dropped | |
There are 9 hidden files not shown here.

Domains

| Name | IP | Malicious |
|---|---|---|
| EPjDBRbjWjdkBwcRYTSjrZwkKu.EPjDBRbjWjdkBwcRYTSjrZwkKu | unknown | |