IOCReport

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Purchase_Order.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase_Order.exe.log | ASCII text, with CRLF line terminators | dropped | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\Purchase_Order.exe | 'C:\Users\user\Desktop\Purchase_Order.exe' | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | malicious |
| C:\Windows\explorer.exe | | malicious |
| C:\Windows\SysWOW64\systray.exe | C:\Windows\SysWOW64\systray.exe | malicious |
| C:\Windows\SysWOW64\cmd.exe | /c del 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe' | clean |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |

URLs


Domains
