Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Predios.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
|
initial sample
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\coree103.rra
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\temp.000
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\corecomp.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\e0d4.rra
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.cab
|
InstallShield CAB
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.hdr
|
InstallShield CAB
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data2.cab
|
InstallShield CAB
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\ikernel.ex_
|
MS Compress archive data, SZDD variant, original size: 614532 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\layout.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk2\data3.cab
|
InstallShield CAB
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\pftw1.pkg
|
Microsoft Cabinet archive data, many, 1981877 bytes, 9 files, at 0x2c +A "\Disk1\data1.cab" +A "\Disk1\data1.hdr", ID 12345,
number 1, 68 datablocks, 0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\plfDD4A.tmp
|
Generic INItialization configuration [Dialog1001]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\Licee345.rra
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\License.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRes.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\defae393.rra
|
RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\default.pal (copy)
|
RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrt.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rra
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\setue335.rra
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\setup.inx (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\value.shl (copy)
|
Generic INItialization configuration [Data]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\value374.rra
|
Generic INItialization configuration [Data]
|
dropped
|
There are 26 hidden files, click here to show them.