IOCReport


Files

File Path | Type | Category | Malicious
UOMp9cDcqZ.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UOMp9cDcqZ.exe.log | ASCII text, with CRLF line terminators | dropped | malicious

The only dropped file is the CLR usage log that the .NET Framework runtime writes under CLR_v4.0_32\UsageLogs when a managed assembly executes. It is named after the sample, so on an infected host it is a useful trace that the assembly actually ran, but it is written by the runtime rather than by the sample's own code and should not be mistaken for a second-stage payload.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\UOMp9cDcqZ.exe | 'C:\Users\user\Desktop\UOMp9cDcqZ.exe' | malicious
C:\Users\user\Desktop\UOMp9cDcqZ.exe | C:\Users\user\Desktop\UOMp9cDcqZ.exe | malicious
C:\Windows\explorer.exe | | malicious
C:\Windows\SysWOW64\colorcpl.exe | C:\Windows\SysWOW64\colorcpl.exe | malicious
C:\Windows\SysWOW64\autochk.exe | C:\Windows\SysWOW64\autochk.exe | clean
C:\Windows\SysWOW64\cmd.exe | /c del 'C:\Users\user\Desktop\UOMp9cDcqZ.exe' | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

The second row is the sample re-launching itself. The Windows binaries explorer.exe and colorcpl.exe are scored malicious while autochk.exe, cmd.exe and conhost.exe are scored clean. The cmd.exe invocation "/c del 'C:\Users\user\Desktop\UOMp9cDcqZ.exe'" removes the original sample from disk; together with the malicious verdict on explorer.exe and colorcpl.exe this is consistent with the sample continuing to run inside those system processes after deleting its own file. Treat that self-deletion command line as a behavioural indicator in its own right, regardless of the clean verdict on cmd.exe, and on a live host acquire the sample from memory or from a volume shadow copy, since the file will no longer be on disk.

URLs

Name | IP | Malicious
http://www.dmgt4m2g8y2uh.net/p2io/?Y8a0dZ=QtqXFq7FP4KHNfY3GXms050Yi4WsLwGmbp3RpBBisdkFhqTaD+AYMAmq/Gwss1AnwPhT&1bE03H=2d8HJVh0mNdP | 103.120.12.113 | malicious
www.adultpeace.com/p2io/ | | malicious
http://www.hazard-protection.com/p2io/?Y8a0dZ=WcJiaxtbpXoyrp727GVLONmwQJizIxitcLbcPZwW7N+bpIkBoEIsPrx61ns7CFIdu3au&1bE03H=2d8HJVh0mNdP | 148.59.128.71 | malicious
http://www.yunlimall.com/p2io/?Y8a0dZ=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21bBg/43M0dy&1bE03H=2d8HJVh0mNdP | 142.111.47.2 | malicious
http://www.cleanxcare.com/p2io/?Y8a0dZ=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf074xZPwGcUa1&1bE03H=2d8HJVh0mNdP | 78.31.67.91 | malicious
http://www.fontbureau.com/designersG | unknown | clean
http://www.fontbureau.com/designers/? | unknown | clean
http://www.founder.com.cn/cn/bThe | unknown | clean
http://www.sandoll.co.krN.TTFv | unknown | clean
http://www.fontbureau.com/designers? | unknown | clean
http://www.founder.com.cn/cn/cr | unknown | clean
http://www.jiyu-kobo.co.jp/jp// | unknown | clean
http://www.tiro.com | unknown | clean
http://www.fontbureau.com/designers | unknown | clean
http://www.founder.c | unknown | clean
http://www.goodfont.co.kr | unknown | clean
http://www.thesoulrevitalist.com/p2io/?Y8a0dZ=ywi4HDlAhD4tPbY4K6H+rd6B6cynTULkanWCLCIOcA07eHcJTX4js3v63TFqYuac8Mmv&1bE03H=2d8HJVh0mNdP | 34.102.136.180 | clean
http://www.jiyu-kobo.co.jp/liquI | unknown | clean
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | unknown | clean
http://www.fontbureau.com/designersU | unknown | clean
http://www.sajatypeworks.com | unknown | clean
http://www.typography.netD | unknown | clean
http://www.founder.com.cn/cn/cThe | unknown | clean
http://www.galapagosdesign.com/staff/dennis.htm | unknown | clean
http://fontfabrik.com | unknown | clean
http://www.jiyu-kobo.co.jp/4 | unknown | clean
http://www.galapagosdesign.com/DPlease | unknown | clean
http://www.fonts.com | unknown | clean
http://www.sandoll.co.kr | unknown | clean
http://www.jiyu-kobo.co.jp/& | unknown | clean
http://www.urwpp.deDPlease | unknown | clean
http://www.zhongyicts.com.cn | unknown | clean
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean
http://www.fontbureau.comuev | unknown | clean
http://www.sakkal.com | unknown | clean
http://www.apache.org/licenses/LICENSE-2.0 | unknown | clean
http://www.fontbureau.com | unknown | clean
http://www.sajatypeworks.coms | unknown | clean
http://www.tiro.comn | unknown | clean
http://www.jiyu-kobo.co.jp/jp/ | unknown | clean
http://www.carterandcone.coml | unknown | clean
http://www.founder.com.cn/cn/ | unknown | clean
http://www.fontbureau.com/designers/cabarga.htmlN | unknown | clean
http://www.founder.com.cn/cn. | unknown | clean
http://www.jiyu-kobo.co.jp/z | unknown | clean
http://www.founder.com.cn/cn | unknown | clean
http://www.fontbureau.com/designers/frere-jones.html | unknown | clean
http://www.fontbureau.comm | unknown | clean
http://www.jiyu-kobo.co.jp/ | unknown | clean
http://www.sajatypeworks.coma-d | unknown | clean
http://www.fontbureau.com/designers8 | unknown | clean
http://www.founder.com.cn/cn/MI | unknown | clean

42 further URLs are hidden in the source report and are not reproduced here.

Two things about this table are worth noting before any of it is turned into blocklist entries. First, every URL scored malicious, and also the www.thesoulrevitalist.com URL that is scored clean here while its domain is scored malicious in the Domains table below, shares the same structure: path /p2io/, a query key Y8a0dZ whose value differs per host, and a query key 1bE03H whose value is always 2d8HJVh0mNdP. The hosts rotate, so the path and query-key structure is the stable part of the indicator and the thesoulrevitalist.com URL belongs to the same set whatever its per-URL verdict says. Second, the clean entries with IP "unknown" (fontbureau.com, founder.com.cn, jiyu-kobo.co.jp, sandoll.co.kr, typography.net and similar, several with trailing junk such as "designersG" or "sandoll.co.krN.TTFv") are font-vendor and licence URLs of the kind found in TrueType/OpenType name tables and library metadata; they were not resolved during the run and are best read as strings carved from the sample or from loaded fonts rather than as connections, so they should not be treated as indicators.

Domains

Name | IP | Malicious
www.dmgt4m2g8y2uh.net | 103.120.12.113 | malicious
www.hazard-protection.com | 148.59.128.71 | malicious
www.yunlimall.com | 142.111.47.2 | malicious
cleanxcare.com | 78.31.67.91 | malicious
www.newmopeds.com | 52.58.78.16 | malicious
www.thesoulrevitalist.com | unknown | malicious
www.jonathan-mandt.com | unknown | malicious
www.cleanxcare.com | unknown | malicious
clientconfig.passport.net | unknown | malicious
www.zgcbw.net | unknown | malicious
thesoulrevitalist.com | 34.102.136.180 | clean
www.trendbold.com | 64.190.62.111 | clean

2 further domains are hidden in the source report and are not reproduced here.

clientconfig.passport.net is a Microsoft account-service host that Windows itself contacts, so its malicious verdict here is most likely a side effect of the scoring of the process that resolved it; verify it independently before adding it to a blocklist. Note also that www.cleanxcare.com and www.thesoulrevitalist.com are listed with IP "unknown" even though their apex domains, and the corresponding URLs above, did resolve.

IPs

IP | Domain | Country | Malicious
52.58.78.16 | www.newmopeds.com | United States | malicious
142.111.47.2 | www.yunlimall.com | United States | malicious
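One way to operationalise the URL, Domain and IP tables above is to match proxy or DNS logs against the exact hosts and addresses the report lists and, separately, against the /p2io/ plus Y8a0dZ/1bE03H structure that all of the report's malicious URLs share. The following is an added example and not part of the report or of any vendor tooling. The log format it parses is hypothetical and the log lines are constructed; the host www.rotated-example.invalid is made up to show the structural match firing on a host the report never saw. Treating the path and query-key structure as stable across hosts is an assumption drawn from the handful of URLs the report shows, so that match is reported as a weaker, separate reason from an exact domain or IP hit.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators copied from the Domains, IPs and URLs tables of the report above.
MALICIOUS_DOMAINS = {
    "www.dmgt4m2g8y2uh.net", "www.hazard-protection.com", "www.yunlimall.com",
    "cleanxcare.com", "www.cleanxcare.com", "www.newmopeds.com",
    "www.thesoulrevitalist.com", "www.jonathan-mandt.com", "www.zgcbw.net",
    "www.adultpeace.com",
}
MALICIOUS_IPS = {
    "103.120.12.113", "148.59.128.71", "142.111.47.2", "78.31.67.91", "52.58.78.16",
}

# Structure shared by every malicious URL in the report: path /p2io/, query keys
# Y8a0dZ (value varies per host) and 1bE03H (value always 2d8HJVh0mNdP).
# Assumption: this structure stays the same when the operator rotates hosts.
C2_PATH = "/p2io/"
C2_QUERY_KEYS = {"Y8a0dZ", "1bE03H"}
C2_CONST_KEY = "1bE03H"
C2_CONST_VALUE = "2d8HJVh0mNdP"

# Hypothetical proxy log format: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def classify_url(url):
    """Return the list of reasons a URL matches the report's indicators ([] if none).

    Reasons: "domain:<host>" or "ip:<host>" for an exact hit on the report's lists,
    "c2-pattern" for the full /p2io/ + query-key structure, "c2-path" for /p2io/
    alone (weaker: the report lists www.adultpeace.com/p2io/ without a query).
    """
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    if host in MALICIOUS_DOMAINS:
        reasons.append("domain:" + host)
    if host in MALICIOUS_IPS:
        reasons.append("ip:" + host)
    if parts.path.startswith(C2_PATH):
        query = parse_qs(parts.query)
        const = query.get(C2_CONST_KEY, [None])[0]
        if C2_QUERY_KEYS <= set(query) and const == C2_CONST_VALUE:
            reasons.append("c2-pattern")
        else:
            reasons.append("c2-path")
    return reasons


def scan_proxy_log(lines):
    """Parse constructed proxy log lines and return one hit dict per matching request."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not in the expected format
        ts, client, _method, url, _status = match.groups()
        reasons = classify_url(url)
        if reasons:
            hits.append({"ts": ts, "client": client, "url": url, "reasons": reasons})
    return hits


# Constructed log lines: two use URLs from the report, one a made-up rotated host,
# one a bare IP from the report, and two benign strings the report scores clean.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET http://www.dmgt4m2g8y2uh.net/p2io/?Y8a0dZ=QtqXFq7FP4KHNfY3GXms050Yi4WsLwGmbp3RpBBisdkFhqTaD+AYMAmq/Gwss1AnwPhT&1bE03H=2d8HJVh0mNdP 200",
    "2024-01-01T10:00:02Z 10.0.0.5 GET http://www.rotated-example.invalid/p2io/?Y8a0dZ=abc123&1bE03H=2d8HJVh0mNdP 200",
    "2024-01-01T10:00:03Z 10.0.0.7 GET http://www.fontbureau.com/designers 200",
    "2024-01-01T10:00:04Z 10.0.0.5 GET http://78.31.67.91/p2io/ 404",
    "2024-01-01T10:00:05Z 10.0.0.9 GET https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css 200",
    "2024-01-01T10:00:06Z 10.0.0.5 GET http://www.thesoulrevitalist.com/p2io/?Y8a0dZ=ywi4HDlA&1bE03H=2d8HJVh0mNdP 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], ",".join(hit["reasons"]), hit["url"])
```

Exact domain and IP hits are the high-confidence output; a "c2-pattern" hit on a host absent from the report is a lead to confirm by pivoting on the resolved IP and the contacting client, not an automatic block, and "c2-path" alone should be treated as weaker still.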