Files

File Path | Type | Category | Malicious
---|---|---|---
PDFixers.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\email-decode.min[1].js | HTML document, ASCII text, with very long lines (1238) | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\css2[1].css | ASCII text | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\VZF1B155.htm | HTML document, ASCII text, with very long lines (10298), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\font[1].eot | Embedded OpenType (EOT), Nunito Sans 12pt Light family | dropped |
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped |
C:\Users\user\Desktop\SumatraPDF.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 19 14:53:08 2024, mtime=Fri Apr 19 14:53:08 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide | dropped |

Domains

Name | IP | Malicious
---|---|---
pixel.pdfixers.com | 104.21.11.17 |

IPs

IP | Domain | Country | Malicious
---|---|---|---
104.21.11.17 | pixel.pdfixers.com | United States |
64.233.185.94 | unknown | United States |
172.217.215.95 | unknown | United States |