Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| RecMin_Free_Install_v_2023_r1.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample | |
| C:\Windows\Setup1.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6ES.DLL | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6STKIT.DLL | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF0A381E4EDE7F967C.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF1028A87FB36BFAC7.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ST6UNST Uninstaller.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Oct 31 12:50:41 2024, mtime=Thu Oct 31 12:50:42 2024, atime=Thu Oct 31 12:50:42 2024, length=74240, window=hide | dropped | |
| C:\WINDOWS\ST6UNST.EXE (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Windows\RMedit.CAB | Microsoft Cabinet archive data, many, 15372801 bytes, 68 files, at 0x1830 +A "RMedit.exe" +A "msvbvm60.dll", flags 0x4, ID 64812, number 1, extra bytes 6144 in head, 1473 datablocks, 0x1 compression | dropped | |
| C:\Windows\SETUP.LST | Generic INItialization configuration [Bootstrap Files] | dropped | |
| C:\Windows\ST6UNST.000 | ISO-8859 text, with CRLF line terminators | dropped | |
| C:\Windows\temp.000 | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |