Files

File Path | Type | Category | Malicious
---|---|---|---
MagicUtilities-Setup-3.1.4.5-Win10.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Program Files (x86)\MagicUtilities\Service\MagicUtilities_Service.exe (copy) | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | dropped |
C:\Program Files (x86)\MagicUtilities\Service\is-5TT39.tmp | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped |
C:\Program Files (x86)\MagicUtilities\Service\BluetoothPairing.exe (copy) | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped |
C:\Program Files (x86)\MagicUtilities\Service\is-IEGHA.tmp | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | dropped |
C:\Program Files (x86)\MagicUtilities\Uninstall\unins000.dat | InnoSetup Log Magic Utilities {C457C829-197E-41EF-AEF2-FF998099E695}, version 0x418, 73928 bytes, 035347\37\user\376\, C:\Program Files (x86)\MagicUtilities\376\ | dropped |
C:\Program Files (x86)\MagicUtilities\Uninstall\unins000.msg | InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation | dropped |
C:\ProgramData\MagicUtilities\MagicUtilities.ini | ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Mouse Utilities.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 04:11:59 2024, mtime=Mon Sep 30 04:11:59 2024, atime=Mon Mar 18 17:23:40 2024, length=16858496, window=hide | dropped |
C:\Users\user\AppData\Local\Temp\is-FVTT9.tmp\MagicUtilities-Setup-3.1.4.5-Win10.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-NQ6PL.tmp\DriverUnInstaller.exe | PE32+ executable (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-NQ6PL.tmp\InfoBefore_Restart.rtf (copy) | Rich Text Format data, version 1, ANSI, code page 1252 | dropped |
C:\Users\user\AppData\Local\Temp\is-NQ6PL.tmp\InfoBefore_Update.rtf (copy) | Rich Text Format data, version 1, ANSI, code page 1252 | dropped |
C:\Users\user\AppData\Local\Temp\is-NQ6PL.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\is-NQ6PL.tmp\is-DFFA0.tmp | Rich Text Format data, version 1, ANSI, code page 1252 | dropped |
C:\Users\user\AppData\Local\Temp\is-NQ6PL.tmp\is-QEU9N.tmp | Rich Text Format data, version 1, ANSI, code page 1252 | dropped |
C:\Users\user\Desktop\Magic Mouse Utilities.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 04:11:59 2024, mtime=Mon Sep 30 04:12:00 2024, atime=Mon Mar 18 17:23:40 2024, length=16858496, window=hide | dropped |
C:\Windows\INF\setupapi.dev.log | Generic INItialization configuration [BeginLog] | dropped |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified |
C:\Windows\System32\catroot2\dberr.txt | ASCII text, with CRLF line terminators | modified |
\Device\ConDrv | ASCII text, with CRLF line terminators | dropped |
IPs

IP | Domain | Country | Malicious
---|---|---|---
184.28.90.27 | unknown | United States |
127.0.0.1 | unknown | unknown |