Ioc1.ic1 - !!install!!

Use a query to find any process that attempted to create a file mapping object containing the string "ioc1.ic1".

Through analysis of public sandbox submissions (VirusTotal, Any.Run, Triage) and private threat feeds, three primary contexts for ioc1.ic1 emerge: ioc1.ic1

title: Suspicious File Mapping Object - ioc1.ic1 logsource: product: windows service: sysmon detection: EventID: 15 (FileCreateStreamHash) TargetFilename|contains: 'ioc1.ic1' condition: selection Use a query to find any process that

Treat ioc1.ic1 not as a file, but as a behavioral breadcrumb . Hunt for the action that creates it, and you will catch the adversary before they complete their mission. Triage) and private threat feeds

is identified as a critical ROM file required for running Capcom games like Cadillacs and Dinosaurs Common Issue