Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `$RWRW8GN.exe` | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\CheatEngine74.exe` (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\_isetup\_setup64.tmp` | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\botva2.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-98J8H.tmp` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-M41BH.tmp` | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\prod0` (copy) | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\prod0.exe` (copy) | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\prod1_extract\saBSI.exe` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\zbShieldUtils.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-ML8F6.tmp\$RWRW8GN.tmp` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\AVG_BRW.png` (copy) | PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\RAV_Cross.png` (copy) | PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\WebAdvisor.png` (copy) | PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-5O4U5.tmp` | PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-8IG6P.tmp` | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-JM3L4.tmp` | PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-LNRJO.tmp` | PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\is-O9CCD.tmp` | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\logo.png` | PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\prod1` (copy) | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\prod1.zip` (copy) | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\prod2` (copy) | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |

13 further files are hidden in this view of the report.
Domains

| Name | IP | Malicious |
|---|---|---|
| shield.reasonsecurity.com | 104.22.1.235 | |
| mosaic-nova.apis.mcafee.com | 52.36.122.185 | |
| d2oq4dwfbh6gxl.cloudfront.net | 13.33.19.164 | |
| analytics.apis.mcafee.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.22.1.235 | shield.reasonsecurity.com | United States | |
| 13.33.19.164 | d2oq4dwfbh6gxl.cloudfront.net | United States | |
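The Files, Domains and IPs tables above reach an analyst in a flattened one-cell-per-line layout (header names, a `---|---|...` rule, then cells separated by `|` lines, with `||` closing two empty cells at once). The following Python is an added example and not part of the sandbox report or its vendor's tooling: it parses that layout back into records, groups the dropped files by the Inno Setup staging directory (`%TEMP%\is-XXXXX.tmp`, with `_isetup\_setup64.tmp` being Inno Setup's 64-bit helper) they were written to, and lists the domains the sandbox actually resolved. The excerpt it parses is constructed from rows of the report above; the function names and the `colN` names given to unlabelled columns are the example's own.

```python
"""Parse a flattened sandbox report (Files / Domains / IPs tables) into IOC records."""
import re
from collections import defaultdict

# Constructed excerpt of the report above, in its flattened layout (one cell per line).
SAMPLE = r"""Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\is-CFAOK.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-ML8F6.tmp\$RWRW8GN.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
shield.reasonsecurity.com
|
104.22.1.235
|
||
analytics.apis.mcafee.com
|
unknown
|
"""
SEP_RE = re.compile(r"^\|+$")          # '|' or '||': each bar closes one cell
RULE_RE = re.compile(r"^(---\|)+$")    # rule line; its cell count fixes the width
# Inno Setup unpacks its payload into %TEMP%\is-XXXXX.tmp before running it.
INNO_DIR_RE = re.compile(r"\\(is-[A-Z0-9]{5}\.tmp)\\")

def parse_report(text):
    """Return {section: [row dict, ...]} from the flattened table layout."""
    sections, section, header, ncols, in_header, fields, cur = {}, None, [], 0, False, [], None

    def emit(pad):
        nonlocal fields
        if fields and (pad or len(fields) >= ncols):
            names = header + [f"col{i}" for i in range(len(header), ncols)]
            row = fields[:ncols] + [""] * (ncols - len(fields))   # pad short trailing rows
            sections.setdefault(section, []).append(dict(zip(names, row)))
            fields = []

    for line in filter(None, map(str.strip, text.splitlines())):
        if RULE_RE.match(line):                 # rule ends the header and sets the width
            ncols, in_header = line.count("---"), False
        elif SEP_RE.match(line):
            if not in_header:
                for _ in line:                  # close one cell per bar
                    fields.append(cur if cur is not None else "")
                    cur = None
                emit(pad=False)
        elif in_header:
            header.append(line)
        elif cur is None:
            cur = line
        else:                                   # two text lines in a row: a new section title
            emit(pad=True)
            section, header, in_header, cur = cur, [line], True, None
    if cur is not None:
        fields.append(cur)
    emit(pad=True)
    return sections

def inno_staging_dirs(file_rows):
    """Group dropped file names by the Inno Setup staging directory they landed in."""
    groups = defaultdict(list)
    for row in file_rows:
        m = INNO_DIR_RE.search(row["File Path"])
        if m:
            groups[m.group(1)].append(row["File Path"].rsplit("\\", 1)[-1])
    return dict(groups)

def resolved_domains(domain_rows):
    """Domain -> IP for rows the sandbox resolved ('unknown' means no resolution was seen)."""
    return {r["Name"]: r["IP"] for r in domain_rows if r["IP"] != "unknown"}
```

Two staging directories in one run (here `is-CFAOK.tmp` and `is-ML8F6.tmp`) is what a chained installer looks like: the outer `$RWRW8GN.tmp` stage unpacks into one, the bundled payloads into the other. The `unknown` IP for `analytics.apis.mcafee.com` is kept as a domain-only indicator rather than dropped.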