File name: nouvyop.txt

Full analysis: https://app.any.run/tasks/6270ca52-6e7c-4669-930e-1a5d9f4bacca
Verdict: Malicious activity
Analysis date: August 12, 2022, 16:33:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/x-msdos-batch
File info: DOS batch file, ISO-8859 text, with very long lines, with CRLF line terminators
MD5: FB35AADED9F509F54D2FBD9422774913
SHA1: 1BBD7DE58F80924CBD5827D52AA705951B381EED
SHA256: 6F2FAD7E98D8DDF3D2D4AEC65913FF6C3D286FA82268C8AE38B78818ABD7DB42
SSDEEP: 384:szp0ObZfwfLBC9nMjKOQxw1+9Sv6J3c3d3jrWIqnk5O:szp0ObZfwfLBC9nMjKOQxwU9w6JYdzKf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Disables Windows System Restore

      • reg.exe (PID: 484)
    • Writes to a start menu file

      • cmd.exe (PID: 3764)
    • Changes settings of System certificates

      • WScript.exe (PID: 3472)
    • Drops executable file immediately after starts

      • WScript.exe (PID: 3472)
    • Application was dropped or rewritten from another process

      • melter.exe (PID: 292)
  • SUSPICIOUS

    • Checks supported languages

      • cmd.exe (PID: 3764)
      • WScript.exe (PID: 688)
      • WScript.exe (PID: 2932)
      • cmd.exe (PID: 960)
      • WScript.exe (PID: 3472)
      • WScript.exe (PID: 3184)
      • cmd.exe (PID: 3192)
      • WScript.exe (PID: 1908)
      • WScript.exe (PID: 460)
      • WScript.exe (PID: 2500)
      • WScript.exe (PID: 1524)
      • WScript.exe (PID: 3988)
      • WScript.exe (PID: 3668)
      • WScript.exe (PID: 2264)
      • WScript.exe (PID: 3344)
      • WScript.exe (PID: 3244)
      • WScript.exe (PID: 420)
      • cmd.exe (PID: 2524)
      • WScript.exe (PID: 2412)
      • WScript.exe (PID: 3996)
      • WScript.exe (PID: 2232)
      • WScript.exe (PID: 3620)
      • WScript.exe (PID: 1264)
      • mshta.exe (PID: 972)
      • melter.exe (PID: 292)
      • WScript.exe (PID: 2608)
      • WScript.exe (PID: 3444)
      • WScript.exe (PID: 680)
      • WScript.exe (PID: 1788)
      • WScript.exe (PID: 3212)
      • WScript.exe (PID: 3552)
      • WScript.exe (PID: 4040)
      • WScript.exe (PID: 3792)
      • WScript.exe (PID: 660)
      • WScript.exe (PID: 2476)
      • WScript.exe (PID: 1748)
    • Reads the computer name

      • WScript.exe (PID: 688)
      • WScript.exe (PID: 2932)
      • cmd.exe (PID: 3764)
      • WScript.exe (PID: 3472)
      • WScript.exe (PID: 3184)
      • WScript.exe (PID: 1908)
      • WScript.exe (PID: 460)
      • WScript.exe (PID: 2500)
      • WScript.exe (PID: 3988)
      • WScript.exe (PID: 1524)
      • WScript.exe (PID: 3668)
      • WScript.exe (PID: 3344)
      • WScript.exe (PID: 2264)
      • WScript.exe (PID: 3996)
      • WScript.exe (PID: 420)
      • WScript.exe (PID: 3244)
      • WScript.exe (PID: 2232)
      • WScript.exe (PID: 2412)
      • WScript.exe (PID: 1264)
      • WScript.exe (PID: 3620)
      • cmd.exe (PID: 2524)
      • WScript.exe (PID: 2608)
      • mshta.exe (PID: 972)
      • WScript.exe (PID: 3444)
      • WScript.exe (PID: 680)
      • WScript.exe (PID: 1788)
      • WScript.exe (PID: 3212)
      • WScript.exe (PID: 3552)
      • WScript.exe (PID: 4040)
      • WScript.exe (PID: 3792)
      • WScript.exe (PID: 660)
      • WScript.exe (PID: 2476)
      • WScript.exe (PID: 1748)
    • Adds / modifies Windows certificates

      • WScript.exe (PID: 3472)
    • Executable content was dropped or overwritten

      • WScript.exe (PID: 3472)
    • Changes the desktop background image

      • reg.exe (PID: 1516)
      • reg.exe (PID: 2616)
      • reg.exe (PID: 1400)
      • reg.exe (PID: 2528)
      • reg.exe (PID: 3300)
      • reg.exe (PID: 4048)
      • reg.exe (PID: 3164)
      • reg.exe (PID: 3940)
      • reg.exe (PID: 2852)
      • reg.exe (PID: 3276)
      • reg.exe (PID: 2068)
      • reg.exe (PID: 4040)
      • reg.exe (PID: 2508)
      • reg.exe (PID: 3400)
      • reg.exe (PID: 3124)
      • reg.exe (PID: 1160)
      • reg.exe (PID: 3108)
      • reg.exe (PID: 2548)
      • reg.exe (PID: 2968)
      • reg.exe (PID: 3468)
      • reg.exe (PID: 3612)
      • reg.exe (PID: 3252)
      • reg.exe (PID: 1396)
      • reg.exe (PID: 3108)
      • reg.exe (PID: 3928)
      • reg.exe (PID: 3428)
      • reg.exe (PID: 3804)
      • reg.exe (PID: 2120)
      • reg.exe (PID: 2956)
      • reg.exe (PID: 968)
      • reg.exe (PID: 4016)
      • reg.exe (PID: 1344)
      • reg.exe (PID: 3608)
      • reg.exe (PID: 3752)
      • reg.exe (PID: 1708)
      • reg.exe (PID: 320)
      • reg.exe (PID: 360)
      • reg.exe (PID: 3744)
      • reg.exe (PID: 3844)
      • reg.exe (PID: 968)
      • reg.exe (PID: 2748)
      • reg.exe (PID: 3928)
      • reg.exe (PID: 3540)
      • reg.exe (PID: 3000)
      • reg.exe (PID: 2456)
      • reg.exe (PID: 1256)
      • reg.exe (PID: 3560)
      • reg.exe (PID: 3616)
      • reg.exe (PID: 2180)
      • reg.exe (PID: 2908)
      • reg.exe (PID: 3720)
      • reg.exe (PID: 2172)
      • reg.exe (PID: 3328)
      • reg.exe (PID: 3992)
      • reg.exe (PID: 2496)
      • reg.exe (PID: 464)
      • reg.exe (PID: 3256)
      • reg.exe (PID: 2700)
      • reg.exe (PID: 3920)
      • reg.exe (PID: 1336)
      • reg.exe (PID: 2704)
      • reg.exe (PID: 1736)
      • reg.exe (PID: 3728)
      • reg.exe (PID: 4012)
      • reg.exe (PID: 4024)
      • reg.exe (PID: 904)
      • reg.exe (PID: 1084)
      • reg.exe (PID: 3260)
      • reg.exe (PID: 3736)
      • reg.exe (PID: 2104)
      • reg.exe (PID: 508)
      • reg.exe (PID: 2556)
      • reg.exe (PID: 1404)
      • reg.exe (PID: 3468)
      • reg.exe (PID: 2564)
      • reg.exe (PID: 1736)
      • reg.exe (PID: 2812)
      • reg.exe (PID: 2600)
      • reg.exe (PID: 464)
      • reg.exe (PID: 1400)
      • reg.exe (PID: 2780)
      • reg.exe (PID: 3468)
      • reg.exe (PID: 3840)
      • reg.exe (PID: 1664)
      • reg.exe (PID: 3592)
      • reg.exe (PID: 3560)
      • reg.exe (PID: 2496)
      • reg.exe (PID: 3596)
      • reg.exe (PID: 2992)
      • reg.exe (PID: 3108)
      • reg.exe (PID: 3712)
      • reg.exe (PID: 2640)
      • reg.exe (PID: 904)
      • reg.exe (PID: 4072)
      • reg.exe (PID: 3592)
      • reg.exe (PID: 3748)
      • reg.exe (PID: 3012)
      • reg.exe (PID: 1576)
      • reg.exe (PID: 3384)
      • reg.exe (PID: 3920)
    • Drops a file with a compile date too recent

      • WScript.exe (PID: 3472)
    • Reads Microsoft Outlook installation path

      • mshta.exe (PID: 972)
  • INFO

    • Checks supported languages

      • NOTEPAD.EXE (PID: 1420)
      • takeown.exe (PID: 480)
      • reg.exe (PID: 1964)
      • reg.exe (PID: 484)
      • icacls.exe (PID: 2316)
      • timeout.exe (PID: 3048)
      • icacls.exe (PID: 1964)
      • explorer.exe (PID: 3092)
      • takeown.exe (PID: 2340)
      • reg.exe (PID: 1516)
      • timeout.exe (PID: 1344)
      • reg.exe (PID: 1400)
      • reg.exe (PID: 2920)
      • reg.exe (PID: 2528)
      • rundll32.exe (PID: 3624)
      • timeout.exe (PID: 1324)
      • reg.exe (PID: 1964)
      • reg.exe (PID: 2136)
      • reg.exe (PID: 2616)
      • timeout.exe (PID: 1300)
      • reg.exe (PID: 3300)
      • reg.exe (PID: 3112)
      • rundll32.exe (PID: 3164)
      • reg.exe (PID: 4048)
      • reg.exe (PID: 3752)
      • reg.exe (PID: 2456)
      • rundll32.exe (PID: 3976)
      • rundll32.exe (PID: 1908)
      • taskkill.exe (PID: 3740)
      • timeout.exe (PID: 484)
      • taskkill.exe (PID: 1972)
      • taskkill.exe (PID: 400)
      • taskkill.exe (PID: 2616)
      • taskkill.exe (PID: 2468)
      • taskkill.exe (PID: 3104)
      • taskkill.exe (PID: 3396)
      • shutdown.exe (PID: 4020)
      • taskkill.exe (PID: 3044)
      • taskkill.exe (PID: 3316)
      • taskkill.exe (PID: 1256)
      • reg.exe (PID: 3940)
      • reg.exe (PID: 3164)
      • reg.exe (PID: 2540)
      • net1.exe (PID: 3648)
      • reg.exe (PID: 2132)
      • rundll32.exe (PID: 2364)
      • net1.exe (PID: 3212)
      • reg.exe (PID: 2852)
      • net.exe (PID: 3176)
      • net.exe (PID: 3604)
      • net.exe (PID: 1524)
      • net1.exe (PID: 3340)
      • reg.exe (PID: 3276)
      • net1.exe (PID: 3196)
      • reg.exe (PID: 284)
      • net.exe (PID: 2132)
      • reg.exe (PID: 2572)
      • net.exe (PID: 2780)
      • rundll32.exe (PID: 2144)
      • net.exe (PID: 2748)
      • net1.exe (PID: 3400)
      • net1.exe (PID: 2816)
      • reg.exe (PID: 2068)
      • net.exe (PID: 3804)
      • reg.exe (PID: 4040)
      • reg.exe (PID: 332)
      • net.exe (PID: 1736)
      • net.exe (PID: 1344)
      • net1.exe (PID: 2272)
      • net1.exe (PID: 4016)
      • reg.exe (PID: 2236)
      • rundll32.exe (PID: 3520)
      • net1.exe (PID: 2992)
      • net.exe (PID: 2440)
      • reg.exe (PID: 3424)
      • reg.exe (PID: 2508)
      • reg.exe (PID: 1064)
      • net.exe (PID: 3580)
      • rundll32.exe (PID: 4016)
      • net1.exe (PID: 2316)
      • net.exe (PID: 2356)
      • reg.exe (PID: 3400)
      • net1.exe (PID: 4056)
      • net1.exe (PID: 1364)
      • reg.exe (PID: 3124)
      • reg.exe (PID: 2564)
      • net.exe (PID: 2484)
      • reg.exe (PID: 1160)
      • net.exe (PID: 4072)
      • reg.exe (PID: 3296)
      • net1.exe (PID: 3164)
      • reg.exe (PID: 3108)
      • net.exe (PID: 528)
      • rundll32.exe (PID: 3984)
      • net1.exe (PID: 4048)
      • net1.exe (PID: 2308)
      • net.exe (PID: 3100)
      • reg.exe (PID: 3400)
      • net1.exe (PID: 464)
      • net1.exe (PID: 3204)
      • rundll32.exe (PID: 2344)
      • reg.exe (PID: 3384)
      • reg.exe (PID: 2548)
      • net.exe (PID: 3736)
      • net1.exe (PID: 2372)
      • net.exe (PID: 3280)
      • net.exe (PID: 2208)
      • net1.exe (PID: 2764)
      • reg.exe (PID: 2968)
      • reg.exe (PID: 3468)
      • net.exe (PID: 3248)
      • rundll32.exe (PID: 3684)
      • net1.exe (PID: 3728)
      • net.exe (PID: 2388)
      • reg.exe (PID: 1016)
      • reg.exe (PID: 1388)
      • net1.exe (PID: 1104)
      • net.exe (PID: 2252)
      • net1.exe (PID: 3496)
      • reg.exe (PID: 3612)
      • net.exe (PID: 3200)
      • net1.exe (PID: 3512)
      • reg.exe (PID: 2748)
      • reg.exe (PID: 2432)
      • net.exe (PID: 1300)
      • reg.exe (PID: 3252)
      • rundll32.exe (PID: 3180)
      • net1.exe (PID: 2560)
      • net.exe (PID: 2252)
      • net1.exe (PID: 2316)
      • net.exe (PID: 1284)
      • reg.exe (PID: 1396)
      • reg.exe (PID: 3108)
      • reg.exe (PID: 3692)
      • net.exe (PID: 3296)
      • net1.exe (PID: 4012)
      • reg.exe (PID: 1596)
      • net1.exe (PID: 3560)
      • net.exe (PID: 2628)
      • rundll32.exe (PID: 876)
      • net1.exe (PID: 1576)
      • reg.exe (PID: 2856)
      • reg.exe (PID: 3928)
      • reg.exe (PID: 3428)
      • rundll32.exe (PID: 1284)
      • reg.exe (PID: 2976)
      • reg.exe (PID: 3844)
      • reg.exe (PID: 3804)
      • reg.exe (PID: 3712)
      • reg.exe (PID: 2120)
      • rundll32.exe (PID: 1664)
      • reg.exe (PID: 320)
      • rundll32.exe (PID: 3496)
      • reg.exe (PID: 2352)
      • reg.exe (PID: 1344)
      • rundll32.exe (PID: 952)
      • reg.exe (PID: 968)
      • reg.exe (PID: 2956)
      • rundll32.exe (PID: 1516)
      • reg.exe (PID: 4016)
      • reg.exe (PID: 2960)
      • reg.exe (PID: 3752)
      • reg.exe (PID: 3608)
      • rundll32.exe (PID: 2252)
      • reg.exe (PID: 960)
      • reg.exe (PID: 400)
      • rundll32.exe (PID: 3252)
      • rundll32.exe (PID: 3964)
      • reg.exe (PID: 2332)
      • rundll32.exe (PID: 3480)
      • reg.exe (PID: 2832)
      • reg.exe (PID: 320)
      • reg.exe (PID: 508)
      • reg.exe (PID: 360)
      • reg.exe (PID: 1708)
      • reg.exe (PID: 3676)
      • rundll32.exe (PID: 2100)
      • rundll32.exe (PID: 2784)
      • reg.exe (PID: 3736)
      • reg.exe (PID: 876)
      • reg.exe (PID: 968)
      • reg.exe (PID: 3744)
      • rundll32.exe (PID: 3364)
      • reg.exe (PID: 2748)
      • iexplore.exe (PID: 2308)
      • rundll32.exe (PID: 2436)
      • reg.exe (PID: 1284)
      • iexplore.exe (PID: 3520)
      • reg.exe (PID: 3844)
      • reg.exe (PID: 652)
      • rundll32.exe (PID: 3592)
      • reg.exe (PID: 968)
      • rundll32.exe (PID: 2224)
      • reg.exe (PID: 3928)
      • reg.exe (PID: 3540)
      • rundll32.exe (PID: 2960)
      • reg.exe (PID: 2912)
      • reg.exe (PID: 1260)
      • rundll32.exe (PID: 492)
      • reg.exe (PID: 3000)
      • rundll32.exe (PID: 3188)
      • reg.exe (PID: 2456)
      • rundll32.exe (PID: 3556)
      • reg.exe (PID: 1256)
      • reg.exe (PID: 124)
      • reg.exe (PID: 824)
      • reg.exe (PID: 3348)
      • rundll32.exe (PID: 876)
      • reg.exe (PID: 3560)
      • reg.exe (PID: 2908)
      • reg.exe (PID: 2180)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 3624)
      • reg.exe (PID: 2564)
      • reg.exe (PID: 3860)
      • rundll32.exe (PID: 3424)
      • reg.exe (PID: 3616)
      • rundll32.exe (PID: 3848)
      • rundll32.exe (PID: 3128)
      • reg.exe (PID: 3292)
      • rundll32.exe (PID: 1076)
      • reg.exe (PID: 3328)
      • reg.exe (PID: 1388)
      • rundll32.exe (PID: 2008)
      • rundll32.exe (PID: 824)
      • reg.exe (PID: 3256)
      • reg.exe (PID: 3720)
      • reg.exe (PID: 2120)
      • reg.exe (PID: 1344)
      • rundll32.exe (PID: 1712)
      • reg.exe (PID: 2240)
      • reg.exe (PID: 3752)
      • rundll32.exe (PID: 2332)
      • reg.exe (PID: 2172)
      • rundll32.exe (PID: 2880)
      • reg.exe (PID: 3992)
      • iexplore.exe (PID: 2628)
      • reg.exe (PID: 2496)
      • reg.exe (PID: 2380)
      • rundll32.exe (PID: 3560)
      • reg.exe (PID: 508)
      • reg.exe (PID: 464)
      • rundll32.exe (PID: 1260)
      • reg.exe (PID: 2700)
      • iexplore.exe (PID: 3984)
      • reg.exe (PID: 3124)
      • rundll32.exe (PID: 1160)
      • rundll32.exe (PID: 1532)
      • reg.exe (PID: 2956)
      • reg.exe (PID: 3920)
      • reg.exe (PID: 1336)
      • reg.exe (PID: 1288)
      • reg.exe (PID: 3812)
      • rundll32.exe (PID: 1376)
      • rundll32.exe (PID: 3928)
      • reg.exe (PID: 1736)
      • reg.exe (PID: 2556)
      • reg.exe (PID: 2704)
      • rundll32.exe (PID: 3656)
      • reg.exe (PID: 2572)
      • reg.exe (PID: 3728)
      • rundll32.exe (PID: 3240)
      • reg.exe (PID: 3624)
      • reg.exe (PID: 4012)
      • reg.exe (PID: 3612)
      • reg.exe (PID: 4024)
      • rundll32.exe (PID: 2496)
      • rundll32.exe (PID: 3320)
      • reg.exe (PID: 1084)
      • reg.exe (PID: 2716)
      • reg.exe (PID: 1104)
      • reg.exe (PID: 904)
      • rundll32.exe (PID: 3584)
      • reg.exe (PID: 3124)
      • rundll32.exe (PID: 484)
      • reg.exe (PID: 3260)
      • reg.exe (PID: 2104)
      • reg.exe (PID: 3736)
      • reg.exe (PID: 2956)
      • rundll32.exe (PID: 3276)
      • rundll32.exe (PID: 2916)
      • reg.exe (PID: 3696)
      • rundll32.exe (PID: 3984)
      • rundll32.exe (PID: 2692)
      • reg.exe (PID: 3648)
      • reg.exe (PID: 508)
      • reg.exe (PID: 2484)
      • reg.exe (PID: 2556)
      • rundll32.exe (PID: 2632)
      • reg.exe (PID: 1144)
      • rundll32.exe (PID: 2536)
      • reg.exe (PID: 1404)
      • reg.exe (PID: 2428)
      • reg.exe (PID: 4072)
      • rundll32.exe (PID: 3504)
      • rundll32.exe (PID: 3940)
      • reg.exe (PID: 2564)
      • reg.exe (PID: 2812)
      • rundll32.exe (PID: 3812)
      • reg.exe (PID: 1736)
      • reg.exe (PID: 3012)
      • rundll32.exe (PID: 2440)
      • reg.exe (PID: 2600)
      • reg.exe (PID: 3804)
      • reg.exe (PID: 2352)
      • reg.exe (PID: 3468)
      • reg.exe (PID: 2128)
      • reg.exe (PID: 464)
      • rundll32.exe (PID: 3204)
      • rundll32.exe (PID: 1876)
      • reg.exe (PID: 1400)
      • reg.exe (PID: 3428)
      • reg.exe (PID: 1524)
      • rundll32.exe (PID: 508)
      • reg.exe (PID: 2184)
      • reg.exe (PID: 2536)
      • rundll32.exe (PID: 2316)
      • reg.exe (PID: 2780)
      • rundll32.exe (PID: 3584)
      • reg.exe (PID: 3840)
      • reg.exe (PID: 3468)
      • reg.exe (PID: 3852)
      • reg.exe (PID: 1320)
      • reg.exe (PID: 2496)
      • rundll32.exe (PID: 3188)
      • reg.exe (PID: 3592)
      • rundll32.exe (PID: 1176)
      • reg.exe (PID: 1664)
      • reg.exe (PID: 3560)
      • reg.exe (PID: 3596)
      • rundll32.exe (PID: 3388)
      • reg.exe (PID: 120)
      • reg.exe (PID: 3648)
      • reg.exe (PID: 1144)
      • rundll32.exe (PID: 2380)
      • rundll32.exe (PID: 120)
      • reg.exe (PID: 2172)
      • rundll32.exe (PID: 2436)
      • reg.exe (PID: 2328)
      • reg.exe (PID: 2656)
      • rundll32.exe (PID: 2068)
      • reg.exe (PID: 2992)
      • rundll32.exe (PID: 3376)
      • reg.exe (PID: 3108)
      • rundll32.exe (PID: 3840)
      • reg.exe (PID: 3712)
      • reg.exe (PID: 2820)
      • reg.exe (PID: 3484)
      • rundll32.exe (PID: 2920)
      • reg.exe (PID: 3592)
      • reg.exe (PID: 2640)
      • rundll32.exe (PID: 1300)
      • reg.exe (PID: 288)
      • reg.exe (PID: 2560)
      • reg.exe (PID: 904)
      • rundll32.exe (PID: 2368)
      • rundll32.exe (PID: 2536)
      • reg.exe (PID: 3748)
      • reg.exe (PID: 4072)
      • rundll32.exe (PID: 3692)
      • reg.exe (PID: 3488)
      • rundll32.exe (PID: 3168)
      • reg.exe (PID: 2956)
      • reg.exe (PID: 1576)
      • reg.exe (PID: 3012)
      • reg.exe (PID: 480)
      • reg.exe (PID: 3152)
      • reg.exe (PID: 3384)
      • rundll32.exe (PID: 3900)
      • rundll32.exe (PID: 460)
      • reg.exe (PID: 1408)
      • reg.exe (PID: 3772)
      • reg.exe (PID: 3920)
      • rundll32.exe (PID: 3028)
    • Manual execution by user

      • cmd.exe (PID: 3764)
      • explorer.exe (PID: 3092)
    • Reads the computer name

      • NOTEPAD.EXE (PID: 1420)
      • takeown.exe (PID: 480)
      • takeown.exe (PID: 2340)
      • explorer.exe (PID: 3092)
      • taskkill.exe (PID: 1972)
      • taskkill.exe (PID: 2616)
      • taskkill.exe (PID: 3740)
      • taskkill.exe (PID: 2468)
      • taskkill.exe (PID: 400)
      • taskkill.exe (PID: 3316)
      • taskkill.exe (PID: 3044)
      • taskkill.exe (PID: 1256)
      • taskkill.exe (PID: 3104)
      • shutdown.exe (PID: 4020)
      • taskkill.exe (PID: 3396)
      • net1.exe (PID: 3648)
      • net1.exe (PID: 3212)
      • net1.exe (PID: 3196)
      • net1.exe (PID: 3340)
      • net1.exe (PID: 2816)
      • net1.exe (PID: 3400)
      • net1.exe (PID: 4016)
      • net1.exe (PID: 2272)
      • net1.exe (PID: 2992)
      • net1.exe (PID: 4056)
      • net1.exe (PID: 2316)
      • net1.exe (PID: 1364)
      • net1.exe (PID: 3164)
      • net1.exe (PID: 4048)
      • net1.exe (PID: 2308)
      • net1.exe (PID: 2372)
      • net1.exe (PID: 464)
      • net1.exe (PID: 3204)
      • net1.exe (PID: 2764)
      • net1.exe (PID: 3496)
      • net1.exe (PID: 3728)
      • net1.exe (PID: 1104)
      • net1.exe (PID: 3512)
      • net1.exe (PID: 2560)
      • net1.exe (PID: 2316)
      • net1.exe (PID: 4012)
      • net1.exe (PID: 3560)
      • net1.exe (PID: 1576)
      • iexplore.exe (PID: 2308)
      • iexplore.exe (PID: 3520)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 2628)
      • iexplore.exe (PID: 3984)
    • Checks Windows Trust Settings

      • WScript.exe (PID: 688)
      • WScript.exe (PID: 2932)
      • WScript.exe (PID: 3184)
      • WScript.exe (PID: 3472)
      • WScript.exe (PID: 1908)
      • WScript.exe (PID: 460)
      • WScript.exe (PID: 2500)
      • WScript.exe (PID: 3344)
      • WScript.exe (PID: 1524)
      • WScript.exe (PID: 2264)
      • WScript.exe (PID: 3988)
      • WScript.exe (PID: 3668)
      • WScript.exe (PID: 3996)
      • WScript.exe (PID: 420)
      • WScript.exe (PID: 2412)
      • WScript.exe (PID: 3244)
      • WScript.exe (PID: 2232)
      • WScript.exe (PID: 3620)
      • WScript.exe (PID: 2608)
      • WScript.exe (PID: 1264)
      • WScript.exe (PID: 3444)
      • WScript.exe (PID: 680)
      • WScript.exe (PID: 1788)
      • WScript.exe (PID: 3212)
      • WScript.exe (PID: 3552)
      • WScript.exe (PID: 4040)
      • WScript.exe (PID: 3792)
      • WScript.exe (PID: 660)
      • WScript.exe (PID: 2476)
      • WScript.exe (PID: 1748)
    • Reads settings of System Certificates

      • WScript.exe (PID: 3472)
      • WScript.exe (PID: 2500)
    • Reads internet explorer settings

      • mshta.exe (PID: 972)
    • Application launched itself

      • iexplore.exe (PID: 2308)
      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 2628)
    • Changes internet zones settings

      • iexplore.exe (PID: 2308)
      • iexplore.exe (PID: 3624)
      • iexplore.exe (PID: 2628)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ Matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 458
Monitored processes: 410
Malicious processes: 3
Suspicious processes: 1

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1420
CMD: "C:\Windows\system32\NOTEPAD.EXE" "C:\Users\admin\AppData\Local\Temp\nouvyop.txt"
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3764
CMD: "C:\Windows\System32\cmd.exe" /C "C:\Users\admin\Desktop\juif.bat"
Path: C:\Windows\System32\cmd.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 480
CMD: takeown /f C:\*.*
Path: C:\Windows\system32\takeown.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Takes ownership of a file
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\takeown.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2316
CMD: Icacls C:\*.* /C /G admin:F
Path: C:\Windows\system32\icacls.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
87
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 1964
CMD: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisableTaskMgr /t REG_DWORD /d 1 /f
Path: C:\Windows\system32\reg.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
PID:
484
Command line:
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f
Image:
C:\Windows\system32\reg.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\reg.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
PID:
688
Command line:
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\21616.vbs"
Image:
C:\Windows\System32\WScript.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Windows Based Script Host
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID:
2932
Command line:
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\4561.vbs"
Image:
C:\Windows\System32\WScript.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3184
Command line:
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\15976.vbs" 7002.bat
Image:
C:\Windows\System32\WScript.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3472
Command line:
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\8361.vbs"
Image:
C:\Windows\System32\WScript.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Windows Based Script Host
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\wscript.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
Total events
67 285
Read events
23 423
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
5
Text files
16
Unknown types
2

Dropped files

PID | Process | Filename | Type
1420 | NOTEPAD.EXE | C:\Users\admin\Desktop\juif.bat | text
MD5:FB35AADED9F509F54D2FBD9422774913
SHA256:6F2FAD7E98D8DDF3D2D4AEC65913FF6C3D286FA82268C8AE38B78818ABD7DB42
3764 | cmd.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mssec.bat | text
MD5:D0260EF86DD3C37A5BA023320DE22D98
SHA256:3F54F3E33EE249305F79A9980468B685F1CE59E976616F199066914038548181
2500 | WScript.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der
MD5:953BBBF2C62EB6DFC48AAC1AA78AA47F
SHA256:FB2030E7F3083D281DA52246BD5AD19971B1A2A7B9FA91F8ACDD1C4E0F43AF3C
2500 | WScript.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:2FFDB881A786D5E63F3C3FCD2E2B6955
SHA256:525927F6790B1BAB1950724C9C1DC0017DAABBE5F3D21DD0C1E104A3EF1EE68D
2500 | WScript.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3764 | cmd.exe | C:\Users\admin\AppData\Local\Temp\23083.bat | text
MD5:BC949EA893A9384070C31F083CCEFD26
SHA256:6BDF66B5BF2A44E658BEA2EE86695AB150A06E600BF67CD5CCE245AD54962C61
2500 | WScript.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\lachancla[1].mp3 |
MD5:
SHA256:
3764 | cmd.exe | C:\Users\admin\AppData\Local\Temp\21616.vbs | text
MD5:86651BC7504417E7EF5AA1FC46B5A111
SHA256:2C3A7E0025A743BB10E97EBB7B2E1FF27530D007646ACA6FD3B06A31FD4F0652
3764 | cmd.exe | C:\Users\admin\AppData\Local\Temp\4947.vbs | text
MD5:DB07B3C9C42DF80BC7F2DA2984A61716
SHA256:3A0BFDED5CC4679468764AF6E5D8E0457547F93C9BFF8911ABE02CA05E03134E
460 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_7AA54AA41F3847BB90B1B420E2264D1E.dat | binary
MD5:C34FA1C94889A9AFE3B43C4DDAB7A187
SHA256:925387F7C1BD1CF475927E4219E2DCB31C86AC189F1955775498F6839AD8B369
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
9
DNS requests
7
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2500 | WScript.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
2500 | WScript.exe | GET | 200 | 67.26.139.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a314ee569637a8bd | US | compressed | 4.70 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2500 | WScript.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2500 | WScript.exe | 67.26.139.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious
3472 | WScript.exe | 193.36.45.15:443 | image.noelshack.com | L'Odyssee Interactive Jeuxvideo.com, SAS | FR | unknown
2932 | WScript.exe | 162.159.135.232:443 | discord.com | Cloudflare Inc | | malicious
3472 | WScript.exe | 217.65.97.74:443 | ddl8.data.hu | Magyar Telekom plc. | HU | suspicious
2500 | WScript.exe | 162.159.134.233:443 | cdn.discordapp.com | Cloudflare Inc | | shared

DNS requests

Domain
IP
Reputation
discord.com
  • 162.159.135.232
  • 162.159.138.232
  • 162.159.137.232
  • 162.159.128.233
  • 162.159.136.232
whitelisted
image.noelshack.com
  • 193.36.45.15
  • 193.36.45.16
suspicious
ddl8.data.hu
  • 217.65.97.74
  • 217.65.97.75
  • 217.65.97.73
suspicious
cdn.discordapp.com
  • 162.159.134.233
  • 162.159.135.233
  • 162.159.130.233
  • 162.159.129.233
  • 162.159.133.233
shared
ctldl.windowsupdate.com
  • 67.26.139.254
  • 67.27.233.126
  • 67.27.157.126
  • 8.241.9.254
  • 67.27.159.254
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
theshitposter78.github.io
  • 185.199.108.153
  • 185.199.109.153
  • 185.199.110.153
  • 185.199.111.153
malicious

Threats

PID | Process | Class | Message
| | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2932 | WScript.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
| | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
2500 | WScript.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
2500 | WScript.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
No debug info