Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DTLite1200-2126.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files\DAEMON Tools Lite\DTAgent.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTHelper.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTLite.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTShl32.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTShl64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Engine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Extractor.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\imgengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\sptdintf.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\uninst.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\BrightVPNResources\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTP.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\RUS.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\TRK.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\UKR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\setuphlp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DTInstallerResources\sptdintf.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1574-0\System.Data.Entity.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\DAEMON Tools Lite\DTLite.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\DAEMON Tools Lite\DTShl.propdesc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\DAEMON Tools Lite\Profiles.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
|
data
|
dropped
|
||
|
C:\ProgramData\Disc-Soft\DAEMON Tools Lite\license.dat
|
data
|
modified
|
||
|
C:\ProgramData\Disc-Soft\DAEMON Tools Lite\settings.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite\DAEMON Tools Lite.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 18 23:16:29
2024, mtime=Thu Apr 18 23:16:30 2024, atime=Thu Apr 18 23:16:30 2024, length=9367888, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 18 23:16:29
2024, mtime=Thu Apr 18 23:16:33 2024, atime=Thu Apr 18 23:16:30 2024, length=9367888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\SET526E.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\dtliteusbbus.cat (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFE43E68E5263853D1.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\INF\oem5.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Windows\INF\setupapi.dev.log
|
Generic INItialization configuration [BeginLog]
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}\SET5B3.tmp
|
Windows setup INFormation
|
dropped
|
||
|
C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}\dtlitescsibus.inf (copy)
|
Windows setup INFormation
|
dropped
|
||
|
C:\Windows\System32\catroot2\dberr.txt
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\bff24d08d319d799a185f4217860a567\System.Data.Entity.ni.dll.aux.tmp
|
Matlab v4 mat-file (little endian) X, rows 1880, columns 11, imaginary
|
dropped
|
There are 70 hidden files, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dt.web-search-home.com
|
161.35.103.80
|
||
|
wsh-59477fcee407fa1b188bd9152683fcf7.fra1.cdn.digitaloceanspaces.com
|
172.64.145.29
|
||
|
d1i9zsetliuqlw.cloudfront.net
|
3.162.93.143
|
||
|
secure.disc-soft.com
|
161.35.212.100
|
||
|
d18pai2j2nazug.cloudfront.net
|
18.160.45.150
|
||
|
web-search-home.com
|
161.35.103.80
|
||
|
ocsp.sectigo.com
|
unknown
|
||
|
crl.sectigo.com
|
unknown
|
||
|
download.websearchhome.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.18.38.233
|
unknown
|
United States
|
||
|
192.168.2.148
|
unknown
|
unknown
|
||
|
192.168.2.149
|
unknown
|
unknown
|
||
|
192.168.2.146
|
unknown
|
unknown
|
||
|
192.168.2.147
|
unknown
|
unknown
|
||
|
192.168.2.140
|
unknown
|
unknown
|
||
|
192.168.2.141
|
unknown
|
unknown
|
||
|
192.168.2.144
|
unknown
|
unknown
|
||
|
192.168.2.145
|
unknown
|
unknown
|
||
|
192.168.2.142
|
unknown
|
unknown
|
||
|
192.168.2.143
|
unknown
|
unknown
|
||
|
192.168.2.159
|
unknown
|
unknown
|
||
|
192.168.2.157
|
unknown
|
unknown
|
||
|
192.168.2.158
|
unknown
|
unknown
|
||
|
192.168.2.151
|
unknown
|
unknown
|
||
|
192.168.2.152
|
unknown
|
unknown
|
||
|
192.168.2.150
|
unknown
|
unknown
|
||
|
192.168.2.155
|
unknown
|
unknown
|
||
|
192.168.2.156
|
unknown
|
unknown
|
||
|
192.168.2.153
|
unknown
|
unknown
|
||
|
192.168.2.154
|
unknown
|
unknown
|
||
|
192.168.2.126
|
unknown
|
unknown
|
||
|
192.168.2.247
|
unknown
|
unknown
|
||
|
192.168.2.127
|
unknown
|
unknown
|
||
|
192.168.2.248
|
unknown
|
unknown
|
||
|
192.168.2.124
|
unknown
|
unknown
|
||
|
192.168.2.245
|
unknown
|
unknown
|
||
|
192.168.2.125
|
unknown
|
unknown
|
||
|
192.168.2.246
|
unknown
|
unknown
|
||
|
192.168.2.128
|
unknown
|
unknown
|
||
|
192.168.2.249
|
unknown
|
unknown
|
||
|
192.168.2.129
|
unknown
|
unknown
|
||
|
192.168.2.240
|
unknown
|
unknown
|
||
|
192.168.2.122
|
unknown
|
unknown
|
||
|
192.168.2.243
|
unknown
|
unknown
|
||
|
192.168.2.123
|
unknown
|
unknown
|
||
|
192.168.2.244
|
unknown
|
unknown
|
||
|
192.168.2.120
|
unknown
|
unknown
|
||
|
192.168.2.241
|
unknown
|
unknown
|
||
|
192.168.2.121
|
unknown
|
unknown
|
||
|
192.168.2.242
|
unknown
|
unknown
|
||
|
192.168.2.97
|
unknown
|
unknown
|
||
|
192.168.2.137
|
unknown
|
unknown
|
||
|
192.168.2.96
|
unknown
|
unknown
|
||
|
192.168.2.138
|
unknown
|
unknown
|
||
|
192.168.2.99
|
unknown
|
unknown
|
||
|
192.168.2.135
|
unknown
|
unknown
|
||
|
192.168.2.98
|
unknown
|
unknown
|
||
|
192.168.2.136
|
unknown
|
unknown
|
||
|
192.168.2.139
|
unknown
|
unknown
|
||
|
192.168.2.250
|
unknown
|
unknown
|
||
|
192.168.2.130
|
unknown
|
unknown
|
||
|
192.168.2.251
|
unknown
|
unknown
|
||
|
192.168.2.91
|
unknown
|
unknown
|
||
|
192.168.2.90
|
unknown
|
unknown
|
||
|
192.168.2.93
|
unknown
|
unknown
|
||
|
192.168.2.133
|
unknown
|
unknown
|
||
|
192.168.2.254
|
unknown
|
unknown
|
||
|
192.168.2.92
|
unknown
|
unknown
|
||
|
192.168.2.134
|
unknown
|
unknown
|
||
|
192.168.2.95
|
unknown
|
unknown
|
||
|
192.168.2.131
|
unknown
|
unknown
|
||
|
192.168.2.252
|
unknown
|
unknown
|
||
|
192.168.2.94
|
unknown
|
unknown
|
||
|
192.168.2.132
|
unknown
|
unknown
|
||
|
192.168.2.253
|
unknown
|
unknown
|
||
|
192.168.2.104
|
unknown
|
unknown
|
||
|
192.168.2.225
|
unknown
|
unknown
|
||
|
192.168.2.105
|
unknown
|
unknown
|
||
|
192.168.2.226
|
unknown
|
unknown
|
||
|
192.168.2.102
|
unknown
|
unknown
|
||
|
192.168.2.223
|
unknown
|
unknown
|
||
|
192.168.2.103
|
unknown
|
unknown
|
||
|
192.168.2.224
|
unknown
|
unknown
|
||
|
192.168.2.108
|
unknown
|
unknown
|
||
|
192.168.2.229
|
unknown
|
unknown
|
||
|
192.168.2.109
|
unknown
|
unknown
|
||
|
192.168.2.106
|
unknown
|
unknown
|
||
|
192.168.2.227
|
unknown
|
unknown
|
||
|
192.168.2.107
|
unknown
|
unknown
|
||
|
192.168.2.228
|
unknown
|
unknown
|
||
|
192.168.2.100
|
unknown
|
unknown
|
||
|
192.168.2.221
|
unknown
|
unknown
|
||
|
192.168.2.101
|
unknown
|
unknown
|
||
|
192.168.2.222
|
unknown
|
unknown
|
||
|
192.168.2.220
|
unknown
|
unknown
|
||
|
192.168.2.115
|
unknown
|
unknown
|
||
|
192.168.2.236
|
unknown
|
unknown
|
||
|
192.168.2.116
|
unknown
|
unknown
|
||
|
192.168.2.237
|
unknown
|
unknown
|
||
|
192.168.2.113
|
unknown
|
unknown
|
||
|
192.168.2.234
|
unknown
|
unknown
|
||
|
18.160.45.150
|
d18pai2j2nazug.cloudfront.net
|
United States
|
||
|
192.168.2.114
|
unknown
|
unknown
|
||
|
192.168.2.235
|
unknown
|
unknown
|
||
|
192.168.2.119
|
unknown
|
unknown
|
||
|
192.168.2.117
|
unknown
|
unknown
|
||
|
192.168.2.238
|
unknown
|
unknown
|
||
|
192.168.2.118
|
unknown
|
unknown
|
||
|
192.168.2.239
|
unknown
|
unknown
|
There are 90 hidden IPs, click here to show them.