IOC Report
AM PROJECT PDF.exe


Files

File Path | Type | Category | Malicious
AM PROJECT PDF.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AM PROJECT PDF.exe.log | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Temp\262I-Au | SQLite 3.x database, last written using SQLite version 3038005 | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\AM PROJECT PDF.exe | "C:\Users\user\Desktop\AM PROJECT PDF.exe" | malicious
C:\Users\user\Desktop\AM PROJECT PDF.exe | C:\Users\user\Desktop\AM PROJECT PDF.exe | malicious
C:\Windows\explorer.exe | C:\Windows\Explorer.EXE | malicious
C:\Windows\SysWOW64\svchost.exe | C:\Windows\SysWOW64\svchost.exe | malicious

URLs

Name
IP
Malicious
http://www.fellyhub.com/rdny/?7n-=6lYX&A0G=dZ8Ayr2drPdNVPVmuvzgGnZ5EDtn0CBwsWjIF75G8uy0K/UwgFE8TCCkfo+4feZhoJ7iWr04K24a/vrIrcJXcRwwE/YP1kXGBw==
162.241.194.111
malicious
www.texasfirsthonda.com/rdny/
malicious
http://www.fellyhub.com/js/common.js?ver=220620
unknown
http://www.fellyhub.com/plugin/pwa/images/icons/icon-72x72.png
unknown
https://duckduckgo.com/chrome_newtab
unknown
http://www.fontbureau.com/designersG
unknown
http://www.fellyhub.com/bbs/notice.php
unknown
https://duckduckgo.com/ac/?q=
unknown
http://www.fellyhub.com/js/html5.js
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
http://www.fontbureau.com/designers?
unknown
http://vlovemeiwonv.cafe24.com/js/jquery-1.12.4.min.js?ver=191202
unknown
http://www.soraligne.com/rdny/
34.102.136.180
https://search.yahoo.com?fr=crmas_sfpf
unknown
http://www.tiro.com
unknown
http://www.fontbureau.com/designers
unknown
http://www.fellyhub.com/bbs/content.php?co_id=privacy
unknown
http://www.goodfont.co.kr
unknown
https://use.fontawesome.com/releases/v5.3.1/css/all.css
unknown
http://www.fellyhub.com/bbs/free.php
unknown
http://www.fellyhub.com/js/jquery-1.12.4.min.js?ver=220620
unknown
http://www.sajatypeworks.com
unknown
http://www.typography.netD
unknown
http://www.fellyhub.com/bbs/qa.php
unknown
http://www.founder.com.cn/cn/cThe
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
http://fontfabrik.com
unknown
http://www.fellyhub.com
unknown
http://www.galapagosdesign.com/DPlease
unknown
http://vlovemeiwonv.cafe24.com/js/jquery-migrate-1.4.1.min.js?ver=191202
unknown
http://www.fellyhub.com/theme/tailwind0.3/css/tailwind.min.css?ver=220620
unknown
http://www.fonts.com
unknown
http://www.sandoll.co.kr
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo
unknown
http://www.urwpp.deDPlease
unknown
http://www.zhongyicts.com.cn
unknown
http://www.fellyhub.com/js/placeholders.min.js?ver=220620
unknown
http://www.sakkal.com
unknown
http://www.fellyhub.com/bbs/content.php?co_id=company
unknown
http://www.fellyhub.com/theme/tailwind0.3/js/sweetalert2.min.js?ver=220620
unknown
http://www.fellyhub.com/bbs/password_lost.php
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
http://www.fellyhub.com/theme/tailwind0.3/js/jquery.menu.js?ver=220620
unknown
http://www.fellyhub.com/js/wrest.js?ver=220620
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
http://www.fellyhub.com/theme/tailwind0.3/js/common.js?ver=220620
unknown
http://www.fellyhub.com/js/jquery-migrate-1.4.1.min.js?ver=220620
unknown
http://www.fellyhub.com/theme/tailwind0.3/js/swiper.min.css?ver=220620
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
unknown
http://www.fellyhub.com/bbs/login_check.php
unknown
http://www.soraligne.com/rdny/?A0G=nirRoMghSnbgIhB91EMNSfP7/7ht0QeVg0GeLwyPWvopBgzqt2G+p533L6eaW6GeyJy3z9ND4nEybKooy0llY69rAo//5MT1xA==&7n-=6lYX
34.102.136.180
http://www.fellyhub.com/bbs/gallery.php
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo&wr_id=1
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo&wr_id=2
unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo&wr_id=5
unknown
http://www.fellyhub.com/bbs
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo&wr_id=6
unknown
http://www.fellyhub.com/theme/tailwind0.3/js/swiper.min.js?ver=220620
unknown
http://www.carterandcone.coml
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo&wr_id=3
unknown
http://www.fellyhub.com/bbs/board.php?bo_table=photo&wr_id=4
unknown
https://ac.ecosia.org/autocomplete?q=
unknown
https://search.yahoo.com?fr=crmas_sfp
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
http://www.fellyhub.com/theme/tailwind0.3
unknown
http://www.founder.com.cn/cn
unknown
http://www.fellyhub.com/bbs/register.php
unknown
http://www.fontbureau.com/designers/frere-jones.html
unknown