Files

File Path | Type | Category | Malicious
---|---|---|---
LADMAutoInstallService.exe.7z | 7-zip archive data, version 0.4 | initial sample |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UDCC Launcher.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UiLib_d_x64.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\config.ini | ASCII text, with CRLF line terminators | dropped |
C:\Program Files (x86)\UDCCLauncher\Version.txt | ASCII text, with CR line terminators | dropped |
C:\Program Files (x86)\UDCCLauncher\udcc_launcher.zip | Zip archive data, at least v1.0 to extract, compression method=store | dropped |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0x14a91fc5, page size 16384, DirtyShutdown, Windows version 10.0 | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rkcp4jtb.epk.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7R6WWBHVONHC52YJFVV2.temp | data | dropped |
C:\Users\user\Desktop\LADMAutoInstallService.exe\LADMAutoInstallService.exe | PE32+ executable (console) x86-64, for MS Windows | dropped |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | JSON data | dropped |
\Device\ConDrv | ASCII text, with CRLF line terminators | dropped |
Domains

Name | IP | Malicious
---|---|---
c-9999.c-msedge.net | 13.107.4.254 |
dual-s-9999.dual-s-msedge.net | 52.123.128.254 |
download.lenovo.com | unknown |
IPs

IP | Domain | Country | Malicious
---|---|---|---
40.126.32.140 | unknown | United States |
23.212.88.224 | unknown | United States |
184.28.90.27 | unknown | United States |
127.0.0.1 | unknown | unknown |