order pdf.exe

Options

Comments

Tags

• Engines
• IOCs

Full Report	Engine	Info	Verdict	Score	Reports
		System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113		100/100
				33/71
				9/40
				26/47

IPs

IP	Country	Detection
176.223.209.5	United Kingdom

Domains

Name	IP	Detection
fiscalitate.eu	176.223.209.5
mail.fiscalitate.eu	0.0.0.0

URLs

Name	Detection
http://OysMCylj1pBryKTY7.org
http://OysMCylj1pBryKTY7.orgtO
http://cps.letsencrypt.org0
Click to see the 4 hidden entries
http://cert.int-x3.letsencrypt.org/0
http://ocsp.int-x3.letsencrypt.org0/
http://cps.root-x1.letsencrypt.org0
http://OysMCylj1pBryKTY7.org413111d3B88A00104B2A6676

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\ActionQueue\wksprt.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\UoOfbM\UoOfbM.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActionQueue.url	MS Windows 95 Internet shortcut text (URL=<file:///C:/Users/user/ActionQueue/ActionQueue.vbs>), ASCII text, with CR line terminators	#
Click to see the 6 hidden entries
C:\Users\user\ActionQueue\ActionQueue.vbs	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\UoOfbM.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\spj1l5v0.x1b.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Roaming\spj1l5v0.x1b\Chrome\Default\Cookies	SQLite 3.x database, last written using SQLite version 3024000	#
C:\Users\user\AppData\Roaming\spj1l5v0.x1b\Firefox\Profiles\6c4zjj0s.default\cookies.sqlite	SQLite 3.x database, user version 9, last written using SQLite version 3023001	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#