Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Player reports algnet 07-10-2024 .pdf www.skype.com.7z
|
7-zip archive data, version 0.4
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\HitPawInfo.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HitPawInfo.exe_4f927396ed7e1d24c97d8c6f3e8aee163dda5_092f0bdd_bf0ca793-66b3-435b-9b49-441b79f6b4c1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER46FC.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 15:11:41 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER476B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER479B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\Dutchai.lng
|
Unicode text, UTF-8 (with BOM) text, with very long lines (348), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\Uninstall.ini
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aidatafile.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aiheader.bmp
|
PC bitmap, Windows 3.x format, 498 x 55 x 24, image size 82280, cbSize 82334, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aisetup.ini
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aisetup.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aiwizard.bmp
|
PC bitmap, Windows 3.x format, 500 x 314 x 24, image size 471000, cbSize 471054, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PCInfo.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Respc.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian,
direntries=4, manufacturer=Canon, model=Canon PowerShot SX20 IS, orientation=upper-left], baseline, precision 8, 640x480,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ResourceCommander\Promptdource.xml
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ResourceCommander\ResPrompt.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
There are 8 hidden files, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gibbooc2.com
|
154.21.14.89
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.21.14.89
|
gibbooc2.com
|
United States
|