Files

File Path | Type | Category | Malicious
---|---|---|---
LADMAutoInstallService.exe.7z | 7-zip archive data, version 0.4 | initial sample |
C:\LADM\lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UDCC Launcher.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UiLib_d_x64.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\config.ini | ASCII text, with CRLF line terminators | dropped |
C:\Program Files (x86)\UDCCLauncher\Version.txt | ASCII text, with CR line terminators | dropped |
C:\Program Files (x86)\UDCCLauncher\udcc_launcher.zip | Zip archive data, at least v1.0 to extract, compression method=store | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\views[1] | HTML document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\views[1] | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | data | modified |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qeptjjcr.rsg.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF67f3d1.TMP (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DZ5DQ3T403L02FEGO6YO.temp | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F6QRG33SFZMC7O71K8JV.temp | data | dropped |
C:\Users\user\Desktop\LADMAutoInstallService.exe\LADMAutoInstallService.exe | PE32+ executable (console) x86-64, for MS Windows | dropped |
\Device\ConDrv | ASCII text, with very long lines (733), with no line terminators, with escape sequences | dropped |

(9 additional files are not shown in this listing.)
Domains

Name | IP | Malicious
---|---|---
s-part-t-9999.t-msedge.net | 13.107.246.254 |
arm-9999.arm-msedge.net | 4.150.240.254 |
download.lenovo.com | unknown |
IPs

IP | Domain | Country | Malicious
---|---|---|---
23.212.88.224 | unknown | United States |