Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
invoice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\HostData\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\RarSFX0\4usfliof.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\RarSFX0\yee9mbi69cm7.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xe22c1279, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_4usfliof.exe_a3d47586b2c69266b12d8e2b19c3534f9227641_387adc58_868073ac-51a0-4917-9916-aa69f0fa1e47\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yee9mbi69cm7.exe_6fddb4b4b7c58a1de7975d74ffa3f4d605395ef_b588fa24_8853fd16-c8fc-4d73-89e1-f78d31385c18\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER18E8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri May 3 12:35:31 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1946.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1976.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FDD.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri May 3 12:35:33 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER203C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER205C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpvf0cf2.yov.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with no line terminators
|
dropped
|
There are 8 hidden files, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
github.com
|
140.82.114.3
|
||
pastebin.com
|
104.20.4.235
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
140.82.114.3
|
github.com
|
United States
|
||
104.20.4.235
|
pastebin.com
|
United States
|
||
20.42.73.29
|
unknown
|
United States
|
||
23.41.168.93
|
unknown
|
United States
|
||
135.181.7.171
|
unknown
|
Germany
|
||
127.0.0.1
|
unknown
|
unknown
|