IOCReport

Files

File Path | Type | Category | Malicious
Delivery 9073782912,pdf.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Delivery 9073782912,pdf.exe.log | ASCII text, with CRLF line terminators | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | 'C:\Users\user\Desktop\Delivery 9073782912,pdf.exe' | malicious
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | {path} | malicious

URLs

Name | IP | Malicious
http://www.fontbureau.com/designersG | unknown | clean
http://www.fontbureau.com/designers/? | unknown | clean
http://www.founder.com.cn/cn/bThe | unknown | clean
http://www.fontbureau.com/designers? | unknown | clean
https://freegeoip.app | unknown | clean
http://www.fontbureau.com/designersX | unknown | clean
http://www.tiro.com | unknown | clean
http://www.fontbureau.com/designers | unknown | clean
http://www.goodfont.co.kr | unknown | clean
http://www.carterandcone.com | unknown | clean
http://www.tiro.comnm | unknown | clean
http://fontfabrik.comM | unknown | clean
http://www.fontbureau.com/designersS | unknown | clean
http://www.sajatypeworks.com | unknown | clean
http://www.typography.netD | unknown | clean
http://www.founder.com.cn/cn/cThe | unknown | clean
http://www.galapagosdesign.com/staff/dennis.htm | unknown | clean
http://www.sandoll.co.krs-e | unknown | clean
http://fontfabrik.com | unknown | clean
http://checkip.dyndns.org/ | 162.88.193.70 | clean
http://www.carterandcone.comscr | unknown | clean
http://www.galapagosdesign.com/DPlease | unknown | clean
https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8 | unknown | clean
http://www.fonts.com | unknown | clean
http://www.sandoll.co.kr | unknown | clean
http://checkip.dyndns.com | unknown | clean
http://fontfabrik.comh | unknown | clean
http://www.urwpp.deDPlease | unknown | clean
http://www.zhongyicts.com.cn | unknown | clean
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean
http://www.sakkal.com | unknown | clean
http://freegeoip.app | unknown | clean
https://freegeoip.app/xml/ | unknown | clean
http://www.apache.org/licenses/LICENSE-2.0 | unknown | clean
http://www.fontbureau.com | unknown | clean
http://checkip.dyndns.orgD8Sk | unknown | clean
https://freegeoip.app4Sk | unknown | clean
http://checkip.dyndns.org | unknown | clean
http://www.sandoll.co.krN.TTF | unknown | clean
https://freegeoip.app/xml/84.17.52.38x | unknown | clean
https://freegeoip.app/xml/LoadCountryNameClipboard | unknown | clean
http://www.founder.com.cn/cndd | unknown | clean
http://www.carterandcone.coml | unknown | clean
http://www.fontbureau.com/designers/cabarga.htmlN | unknown | clean
http://www.founder.com.cn/cn | unknown | clean
http://www.fontbureau.com/designers/frere-user.html | unknown | clean
http://checkip.dyndns.org/HB&lTN | unknown | clean
http://www.jiyu-kobo.co.jp/ | unknown | clean
http://www.fontbureau.com/designers8 | unknown | clean
https://freegeoip.app/xml/84.17.52.38 | unknown | clean
http://checkip.dyndns.org4Sk | unknown | clean
(41 further URLs are hidden in the original report and not shown here.)

Domains

Name | IP | Malicious
checkip.dyndns.org | unknown | malicious
freegeoip.app | 104.21.19.200 | clean
checkip.dyndns.com | 162.88.193.70 | clean

IPs

IP | Domain | Country | Active | Malicious
162.88.193.70 | unknown | United States | unknown | clean
104.21.19.200 | unknown | United States | unknown | clean

Registry

Path | Value | Malicious
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableConsoleTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableFileTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableAutoFileTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableConsoleTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | FileTracingMask | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | ConsoleTracingMask | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | MaxFileSize | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | FileDirectory | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableFileTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableAutoFileTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | EnableConsoleTracing | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | FileTracingMask | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | ConsoleTracingMask | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | MaxFileSize | clean
C:\Users\user\Desktop\Delivery 9073782912,pdf.exe | FileDirectory | clean
(5 further registry entries are hidden in the original report and not shown here.)

Memdumps

Base Address | Region type | Protect | Malicious
4E73000 | unknown | page read and write | malicious
402000 | unknown | page execute and read and write | malicious
7FF4FFE91000 | unknown | page readonly | clean
7FF53646B000 | unknown | page readonly | clean
8A40000 | unknown | page read and write | clean
25A6B8C5000 | unknown | page read and write | clean
2FDFFEEB000 | unknown | page read and write | clean
2BD0000 | unknown | page read and write | clean
56B0000 | unknown | page read and write | clean
7FF59AFFE000 | unknown | page readonly | clean
2FD80010000 | unknown | page readonly |