Files
There are 13 hidden files, click here to show them.
IOC Report
PoP8Setup.exe
Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PoP8Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Uninstall\{D7808C1C-93A9-4369-8385-A789888ED9D7}\x86\regsvr32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
 |
|
|
C:\Program Files\Harzing's Publish or Perish 8\WebView2Loader.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\WebView2Loader.dll._rb (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\WebView2Loader.dll._tm
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\pop8query.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\pop8query.exe._tm
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\pop8win.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\pop8win.exe._tm
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\twux.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Harzing's Publish or Perish 8\twux.exe._tm
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publish or Perish 8.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Normal,
ctime=Thu Apr 25 17:01:02 2024, mtime=Thu Apr 25 17:01:02 2024, atime=Tue Mar 12 12:28:00 2024, length=4117528, window=hide
|
dropped
|
||
|
C:\ProgramData\Uninstall\{D7808C1C-93A9-4369-8385-A789888ED9D7}\Setup.dat
|
data
|
dropped
|
||
|
C:\ProgramData\Uninstall\{D7808C1C-93A9-4369-8385-A789888ED9D7}\Tsu.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Uninstall\{D7808C1C-93A9-4369-8385-A789888ED9D7}\x64\regsvr32.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\36071EAE.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\36071EAE\Readme.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\36071EAE\Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\36071EAE\Setup.ico
|
MS Windows icon resource - 8 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\36071EAE\_Setup.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PoP8Setup-20240425T200106-Install.log (copy)
|
Unicode text, UTF-8 (with BOM) text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PoP8SetupEC18E846.log
|
Unicode text, UTF-8 (with BOM) text
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Tsu8BBD8215.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 13 hidden files, click here to show them.