IOC Report
ORIGINAL INVOICE COAU7230734298.pdf.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| ORIGINAL INVOICE COAU7230734298.pdf.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORIGINAL INVOICE COAU7230734298.pdf.exe.log | ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\297268BLQ | SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2 | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe" | malicious |
| C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe" | malicious |
| C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe" | malicious |
| C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe | "C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe" | malicious |
| C:\Windows\SysWOW64\RpcPing.exe | "C:\Windows\SysWOW64\RpcPing.exe" | malicious |
| C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe | "C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe" | malicious |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\Firefox.exe" | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.kartal-nakliyat.xyz/n8ew/ | 85.159.66.93 | malicious |
| http://www.kartal-nakliyat.xyz/n8ew/?-L=YrE+HYcRTJ/OeXavXWmi0WsMxqp/Qj1TC8eaJJaWkX68lODBlWDwQ18bVJjKs/Cf7bGV7reziuqKeQkAFQFGt8cheHN72b7qcqvkvKEYShiE16kKqs7vQFQ=&5lFl=AhoHbVV8w8Fhov | 85.159.66.93 | malicious |
| http://www.sidqwdf.fun/c6mm/?-L=605lt7jFydoU7JlJmLmlR3MPZVvrIrf93PMCsOoFpo6XmjZ52y5IXJzTkSO6xf5k8c4UHFGKgBYSwhM4U1695pryhegOugHUsMzW6k0CmFF9ZZ6niG5/hdc=&5lFl=AhoHbVV8w8Fhov | 185.106.176.204 | malicious |
| http://www.resellnexa.shop/sfpe/ | 52.223.13.41 | malicious |
| http://www.sidqwdf.fun/c6mm/ | 185.106.176.204 | malicious |
| http://www.resellnexa.shop/sfpe/?-L=sfhD9ka1f7Zl+qNrDMj9KQZnnhuUSPArAKQ60GHQT7zGoqr1MFveBg7/TQ1R28eaU1mFht6SOS1vYGyl5v5sWa+Vgmcag1rYJ6bZGh78paZg7QH5mUVjdRg=&5lFl=AhoHbVV8w8Fhov | 52.223.13.41 | malicious |
| https://duckduckgo.com/chrome_newtab | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| http://www.fontbureau.com | unknown | |
| http://www.fontbureau.com/designersG | unknown | |
| https://duckduckgo.com/ac/?q= | unknown | |
| http://www.fontbureau.com/designers/? | unknown | |
| http://www.founder.com.cn/cn/bThe | unknown | |
| https://www.google.com/images/branding/product/ico/googleg_lodp.ico | unknown | |
| http://www.fontbureau.com/designers? | unknown | |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown | |
| http://www.tiro.com | unknown | |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown | |
| http://www.fontbureau.com/designers | unknown | |
| http://www.yippie.world/pyhp/?5lFl=AhoHbVV8w8Fhov&-L=acxrSkAeFAn+c73u09IRBa4IAQi5A1z7ZI6dwDB31LKHDk9U9aCGF5xgW/dUXTEZ5HtK9ZQYYeKWJ5O00arwvLVjsQ/IAPNwWm6am1xvCJN+TihMUZXrkzI= | 3.33.130.190 | |
| http://www.goodfont.co.kr | unknown | |
| https://www.ecosia.org/newtab/ | unknown | |
| http://www.carterandcone.coml | unknown | |
| http://www.resellnexa.shop | unknown | |
| http://www.sajatypeworks.com | unknown | |
| http://www.typography.netD | unknown | |
| https://ac.ecosia.org/autocomplete?q= | unknown | |
| http://www.fontbureau.com/designers/cabarga.htmlN | unknown | |
| http://www.founder.com.cn/cn/cThe | unknown | |
| http://www.galapagosdesign.com/staff/dennis.htm | unknown | |
| http://www.founder.com.cn/cn | unknown | |
| http://www.fontbureau.com/designers/frere-user.html | unknown | |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown | |
| http://www.jiyu-kobo.co.jp/ | unknown | |
| http://www.ascendercorp.com/typedesigners.htmlru-ru | unknown | |
| http://www.galapagosdesign.com/DPlease | unknown | |
| http://www.fontbureau.com/designers8 | unknown | |
| http://www.fonts.com | unknown | |
| http://www.sandoll.co.kr | unknown | |
| http://www.urwpp.deDPlease | unknown | |
| http://www.zhongyicts.com.cn | unknown | |
| http://www.sakkal.com | unknown | |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown | |
33 further URLs are not included in this export of the report.

Domains

| Name | IP | Malicious |
|---|---|---|
| www.sidqwdf.fun | 185.106.176.204 | malicious |
| www.resellnexa.shop | 52.223.13.41 | malicious |
| natroredirect.natrocdn.com | 85.159.66.93 | malicious |
| www.yippie.world | unknown | malicious |
| www.kartal-nakliyat.xyz | unknown | malicious |
| yippie.world | 3.33.130.190 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 52.223.13.41 | www.resellnexa.shop | United States | malicious |
| 185.106.176.204 | www.sidqwdf.fun | United Kingdom | malicious |
| 85.159.66.93 | natroredirect.natrocdn.com | Turkey | malicious |