Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| H1pXo79CPd | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Recovery\nw_elf.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Windows\ClientDaemon.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Windows\nw_elf.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ClientDaemon.exe_ba598b36f84f8d89f975d848c6abb9337824ed7_02b26f1f_7d3f8875-b0d3-4246-a4b5-06fd93ba1207\Report.wer | TeX document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ClientDaemon.exe_ba598b36f84f8d89f975d848c6abb9337824ed7_02b26f1f_eb20255e-ed09-4b2c-a804-77ad66051d32\Report.wer | TeX document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B17.tmp.dmp | Mini DuMP crash report, 15 streams, Wed Oct 2 15:54:13 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER6BF2.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C51.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Recovery\cb.txt | data | dropped | |
| C:\Recovery\cd.txt | data | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 103.118.253.78 | unknown | China | |
| 20.42.73.29 | unknown | United States | |
| 20.42.65.92 | unknown | United States | |
| 111.67.195.167 | unknown | China | |