IOC Report
0XLuA614VK.exe

Files

File Path | Type | Category | Malicious
0XLuA614VK.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\049zKJ78K | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8 | dropped |
C:\Users\user\AppData\Local\Temp\Okeghem | ASCII text, with very long lines (65536), with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\autC864.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\autC894.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\avenses | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\0XLuA614VK.exe | "C:\Users\user\Desktop\0XLuA614VK.exe" | malicious
C:\Windows\SysWOW64\svchost.exe | "C:\Users\user\Desktop\0XLuA614VK.exe" | malicious
C:\Program Files (x86)\tDCzgUpqMpyFtrEZKjWXqEXSFoaiZJoViUUxeRKTJygWDziRLNg\sXmdPDASzrmzi.exe | "C:\Program Files (x86)\tDCzgUpqMpyFtrEZKjWXqEXSFoaiZJoViUUxeRKTJygWDziRLNg\sXmdPDASzrmzi.exe" | malicious
C:\Windows\SysWOW64\msiexec.exe | "C:\Windows\SysWOW64\msiexec.exe" | malicious
C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\Firefox.exe" | malicious

URLs


Domains
