IOC Report
https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\DiagPackage.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\en-GB\DiagPackage.dll.mui
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Downloads\ImgBurn_822881.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Downloads\Unconfirmed 50026.crdownload
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Downloads\a95add7b-c53e-41f4-88a5-4e133f87320a.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
data
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
data
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\01_Music_auto_rated_at_5_stars.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\02_Music_added_in_the_last_month.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\03_Music_rated_at_4_or_5_stars.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\04_Music_played_in_the_last_month.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\05_Pictures_taken_in_the_last_month.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\06_Pictures_rated_4_or_5_stars.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\07_TV_recorded_in_the_last_week.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\08_Video_rated_at_4_or_5_stars.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\09_Music_played_the_most.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\10_All_Music.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\11_All_Pictures.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0017B8B1\12_All_Video.wpl
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Media Player\wmpfolders.wmdb
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\DiagPackage.diagpkg
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\RS_MediaLibCorrupted.ps1
ISO-8859 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\TS_IsWMPUnavailable.ps1
ISO-8859 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\TS_WindowsMediaPlayer.ps1
ISO-8859 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\en-GB\CL_LouserzationData.psd1
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\result\results.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\wmsetup.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
There are 30 hidden files, click here to show them.

Domains

Name
IP
Malicious
s3.us-east-2.amazonaws.com
52.219.179.49
contentworldinc.com
104.26.5.9
www.google.com
172.217.18.4

IPs

IP
Domain
Country
Malicious
142.250.185.67
unknown
United States
142.250.110.84
unknown
United States
1.1.1.1
unknown
Australia
172.217.18.4
www.google.com
United States
192.168.2.16
unknown
unknown
142.250.185.227
unknown
United States
104.26.5.9
contentworldinc.com
United States
172.217.23.110
unknown
United States
142.250.181.238
unknown
United States
93.184.221.240
unknown
European Union
239.255.255.250
unknown
Reserved
40.127.240.158
unknown
United States
52.219.179.49
s3.us-east-2.amazonaws.com
United States
127.0.0.1
unknown
unknown
There are 4 hidden IPs, click here to show them.