IOCReport

Files

File Path | Type | Category | Malicious
3.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\Public\KDECO.bat | ASCII text, with no line terminators | dropped | clean
C:\Users\Public\Trast.bat | ASCII text, with no line terminators | dropped | clean
C:\Users\Public\UKO.bat | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\Public\nest | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Rvsqdibldhhwoyydhsqrllstcbdszox[1] | data | downloaded | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\3.exe | 'C:\Users\user\Desktop\3.exe' | malicious
C:\Users\user\Desktop\3.exe | C:\Users\user\Desktop\3.exe | malicious
C:\Windows\explorer.exe | | malicious
C:\Windows\SysWOW64\ipconfig.exe | C:\Windows\SysWOW64\ipconfig.exe | malicious
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Trast.bat' ' | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.bat | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Windows\SysWOW64\cmd.exe | /c del 'C:\Users\user\Desktop\3.exe' | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

URLs

Name | IP | Malicious
http://www.ayco.sucks/ogpo/?A48d=zC0kwP5bKctHlfLOB2+sibzcGKB3iMHeqEe/jIuGwpXwhXE0RzFo/zlZKctRC22ZSehm&6lR=6lV0 | 54.147.194.143 | malicious
www.glocp9.com/ogpo/ | | malicious
http://www.plastictohydrogen.com/ogpo/?A48d=CbUJuKt7Vosrs6ZfvMy9ZACJtxh5Vn+1+a7oDBWZt+TgGm/ZX/AruvxTHNafm6iWRnNw&6lR=6lV0 | 185.98.131.46 | malicious
http://www.apache.org/licenses/LICENSE-2.0 | unknown | clean
http://www.fontbureau.com | unknown | clean
http://www.fontbureau.com/designersG | unknown | clean
http://www.cartercavanaugh.com/ogpo/?A48d=Eb/5YKKvhsVSjoe7WKqK8lvHUaW+cW6NCkYNvfPB2x3dLSCrEs0nDFeyqabSLZo4f9MA&6lR=6lV0 | 34.102.136.180 | clean
http://www.fontbureau.com/designers/? | unknown | clean
http://www.founder.com.cn/cn/bThe | unknown | clean
http://www.fontbureau.com/designers? | unknown | clean
http://www.plaquitasparamascota.com/ogpo/?A48d=+lkBStlSiE9+OFshkPx+Yq+/zzAm/Md4bR1wj/5ry8M79budoFYJrIGh8Lqk2S+anP0V&6lR=6lV0 | 34.102.136.180 | clean
http://www.tiro.com | unknown | clean
http://www.fontbureau.com/designers | unknown | clean
http://www.goodfont.co.kr | unknown | clean
http://www.carterandcone.coml | unknown | clean
http://www.sajatypeworks.com | unknown | clean
http://www.typography.netD | unknown | clean
http://www.fontbureau.com/designers/cabarga.htmlN | unknown | clean
http://www.founder.com.cn/cn/cThe | unknown | clean
http://www.galapagosdesign.com/staff/dennis.htm | unknown | clean
http://fontfabrik.com | unknown | clean
http://www.founder.com.cn/cn | unknown | clean
http://www.fontbureau.com/designers/frere-jones.html | unknown | clean
http://www.jiyu-kobo.co.jp/ | unknown | clean
http://www.galapagosdesign.com/DPlease | unknown | clean
http://www.fontbureau.com/designers8 | unknown | clean
http://www.fonts.com | unknown | clean
http://www.sandoll.co.kr | unknown | clean
http://www.amplifierconsulting.net/ogpo/?A48d=Jl6F8JfRXKQuEgspHKEQWFx9lJkkJ81RWL0viny1sd20tPIEiWVj+so6v/m+sN8GJ3v/&6lR=6lV0 | 34.102.136.180 | clean
http://www.urwpp.deDPlease | unknown | clean
http://www.zhongyicts.com.cn | unknown | clean
http://www.sakkal.com | unknown | clean
http://www.vigipharx.com/ogpo/?A48d=/XqmpevXxgIJIxa5hFR8qIX06AkulEmPv+VC/TbkNW7S9I21kt2cK+1HkO47P92lOvxw&6lR=6lV0 | 34.102.136.180 | clean

Domains

Name | IP | Malicious
plastictohydrogen.com | 185.98.131.46 | malicious
studiodates.com | 107.180.44.132 | malicious
indyoutlaws.com | 192.185.11.167 | malicious
www.ayco.sucks | 54.147.194.143 | malicious
www.mortgagenewsdailt.com | 81.17.18.198 | malicious
www.nosequemierda.com | unknown | malicious
www.plaquitasparamascota.com | unknown | malicious
www.plastictohydrogen.com | unknown | malicious
www.cartercavanaugh.com | unknown | malicious
www.catherinelazure.com | unknown | malicious
www.amplifierconsulting.net | unknown | malicious
www.vigipharx.com | unknown | malicious
www.indyoutlaws.com | unknown | malicious
www.glocp9.com | unknown | malicious
www.studiodates.com | unknown | malicious
amplifierconsulting.net | 34.102.136.180 | clean
cdn.discordapp.com | 162.159.135.233 | clean
plaquitasparamascota.com | 34.102.136.180 | clean
cartercavanaugh.com | 34.102.136.180 | clean
vigipharx.com | 34.102.136.180 | clean

IPs

IP | Domain | Country | Malicious
54.147.194.143 | www.ayco.sucks | United States | malicious
81.17.18.198 | www.mortgagenewsdailt.com | Switzerland | malicious