Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_d40d71effb912ebf90e190f862d1d86f16e1e4c6.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\is-I76QC.tmp\$R11M6SU.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-MKE94.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-MKE94.tmp\botva2.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
d3vnxrgxbv8od6.cloudfront.net
|
18.66.121.171
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
18.66.121.171
|
d3vnxrgxbv8od6.cloudfront.net
|
United States
|