Files
File Path | Type | Category | Malicious |
---|---|---|---|
Marys Organizer 2023 Release.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample | |
C:\Users\user\AppData\Local\Temp\build.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\json[1].json | JSON data | dropped | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\json[1].json | JSON data | dropped | |
URLs
Name | IP | Malicious |
---|---|---|
http://geoplugin.net/json.gp | 178.237.33.50 | |
Domains
Name | IP | Malicious |
---|---|---|
privmerkt.com | 172.111.163.227 | |
nwemarkets.com | 45.74.48.2 | |
geoplugin.net | 178.237.33.50 | |
IPs
IP | Domain | Country | Malicious |
---|---|---|---|
172.111.163.227 | privmerkt.com | United States | |
45.74.48.2 | nwemarkets.com | United States | |
178.237.33.50 | geoplugin.net | Netherlands | |