Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| sample.zip | Zip archive data, at least v4.5 to extract, compression method=deflate | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HAYXG4SY\LMPPM1MU.htm | HTML document, ASCII text, with very long lines (10298), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LBJSHBRP\css2[1].css | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LBJSHBRP\email-decode.min[1].js | HTML document, ASCII text, with very long lines (1238) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MX73DBBW\font[1].eot | Embedded OpenType (EOT), Nunito Sans 12pt Light family | dropped | |
| C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\SumatraPDF\SumatraPDF.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\user\Desktop\SumatraPDF.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 18 16:16:38 2024, mtime=Thu Apr 18 16:16:38 2024, atime=Wed Oct 25 05:17:54 2023, length=16065496, window=hide | dropped | |

Domains

| Name | IP | Malicious |
|---|---|---|
| pixel.pdfixers.com | 172.67.147.142 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.105.94 | unknown | United States | |
| 172.67.147.142 | pixel.pdfixers.com | United States | |
| 172.253.124.95 | unknown | United States | |