Analysis Overview
SHA256
2205e931fcca292889c4845eb2b0e961fc7b598c276b6abf71bb5cf6c59c1132
Threat Level: Known bad
The file 8.rar was found to be: Known bad.
Malicious Activity Summary
RedLine Payload
SmokeLoader
Vidar
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
Glupteba
Raccoon Stealer Payload
Raccoon
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
RedLine
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Suspicious use of NtCreateProcessExOtherParentProcess
Glupteba Payload
MetaSploit
Vidar Stealer
Nirsoft
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Executes dropped EXE
ASPack v2.12-2.42
Drops file in Drivers directory
VMProtect packed file
Downloads MZ/PE file
Blocklisted process makes network request
UPX packed file
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Loads dropped DLL
Checks BIOS information in registry
Themida packer
Drops startup file
Checks whether UAC is enabled
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
Adds Run key to start application
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Delays execution with timeout.exe
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: SetClipboardViewer
Suspicious behavior: MapViewOfSection
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Enumerates system info in registry
Script User-Agent
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-08-13 10:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-13 10:16
Reported
2021-08-13 10:43
Platform
win11
Max time kernel
86s
Max time network
208s
Command Line
Signatures
Glupteba
Glupteba Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
MetaSploit
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe |
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Nirsoft
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9UC12.tmp\lpWtbKjTpenAEX7sBF1KmRKX.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9UC12.tmp\lpWtbKjTpenAEX7sBF1KmRKX.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.exe" | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" | C:\Users\Admin\AppData\Roaming\8114088.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5788 set thread context of 6048 | N/A | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe |
| PID 5740 set thread context of 3932 | N/A | C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe | C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\packetizer\libpacketizer_dirac_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\audio_output\libafile_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libtta_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\misc\libexport_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\images\speaker-32.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libdemux_cdg_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libsmf_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\control\libhotkeys_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libvobsub_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\images\buttons.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\meta\reader\filename.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\js\common.js | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\intf\cli.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\librawaud_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\mobile_equalizer.html | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\images\Folder-48.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\access\libvcd_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libdiracsys_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\is-P13D5.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libpva_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\spu\liblogo_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\data_load.exe | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\intf\modules\host.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\playlist\cue.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\packetizer\libpacketizer_flac_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\requests\browse.json | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\access\libaccess_imem_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libdemuxdump_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lighteningplayer-cache-gen.exe | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\control\libgestures_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\librawdv_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\dialogs\stream_window.html | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\requests\status.xml | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\control\libntservice_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libty_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libvoc_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\video_splitter\libclone_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\dialogs\browse_window.html | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\intf\luac.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\modules\dkjson.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\connection.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\custom.lua | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\mux\libmux_dummy_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\logger\libconsole_logger_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\vlm.html | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\playlist\bbc_co_uk.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\playlist\vimeo.luac | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\misc\libaddonsvorepository_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\packetizer\libpacketizer_copy_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\packetizer\libpacketizer_dts_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libgme_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\mux\libmux_asf_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\access\libidummy_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\lua\liblua_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\d3d11\libdirect3d11_filters_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\demux\libsubtitle_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\plugins\packetizer\libpacketizer_vc1_plugin.dll | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
| File created | C:\Program Files (x86)\lighteningplayer\lua\http\css\main.css | C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\AppCompat\Programs\Amcache.hve.tmp | C:\Windows\SysWOW64\WerFault.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\sihclient.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\System32\sihclient.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f8278c54-a712-415b-b593-b77a2be0dda9}\Instance\ | N/A | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_4.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\bDqRzXdCTpLzYyoSz_dPvBT8.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\oarWi7uU2p8LHM4_EpbluQY3.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\3568807.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\4659369.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\8698367.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\6944905.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\4519590.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\2ueQSyqopXXNYf8KFCG65Gh4.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\6792303.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9UC12.tmp\lpWtbKjTpenAEX7sBF1KmRKX.tmp | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8 (3).exe
"C:\Users\Admin\AppData\Local\Temp\8 (3).exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\system32\MoNotificationUx.exe
%systemroot%\system32\MoNotificationUx.exe /ClearActiveNotifications
C:\Windows\System32\pcaui.exe
C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_5.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_7.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_6.exe
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_3.exe
sonia_3.exe
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_2.exe
sonia_2.exe
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_1.exe
sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_3.exe
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_5.exe
sonia_5.exe
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_4.exe
sonia_4.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 572 -ip 572
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_6.exe
sonia_6.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 496
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_1.exe
"C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_1.exe" -a
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4924 -ip 4924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 244
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3116 -ip 3116
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 244
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5368 -ip 5368
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 456
C:\Windows\system32\MoNotificationUx.exe
%systemroot%\system32\MoNotificationUx.exe /ClearActiveNotifications
C:\Users\Admin\Documents\_f2sJ5S2ZhEnlM42EeHXplIV.exe
"C:\Users\Admin\Documents\_f2sJ5S2ZhEnlM42EeHXplIV.exe"
C:\Users\Admin\Documents\T8xDAZMgqa3KJVG0JU7sPHTh.exe
"C:\Users\Admin\Documents\T8xDAZMgqa3KJVG0JU7sPHTh.exe"
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
"C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe"
C:\Users\Admin\Documents\9euI9Lu3UBMqFnhjQtXIU_y0.exe
"C:\Users\Admin\Documents\9euI9Lu3UBMqFnhjQtXIU_y0.exe"
C:\Users\Admin\Documents\bDqRzXdCTpLzYyoSz_dPvBT8.exe
"C:\Users\Admin\Documents\bDqRzXdCTpLzYyoSz_dPvBT8.exe"
C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe
"C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe"
C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe
"C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5752 -ip 5752
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv R3q930x020WnyfI9gsy3Ow.0.2
C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe
"C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe"
C:\Users\Admin\Documents\1S1NA2Zmby7lsGyRexfuLYjt.exe
"C:\Users\Admin\Documents\1S1NA2Zmby7lsGyRexfuLYjt.exe"
C:\Users\Admin\Documents\oarWi7uU2p8LHM4_EpbluQY3.exe
"C:\Users\Admin\Documents\oarWi7uU2p8LHM4_EpbluQY3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6104 -ip 6104
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 276
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 276
C:\Users\Admin\Documents\lpWtbKjTpenAEX7sBF1KmRKX.exe
"C:\Users\Admin\Documents\lpWtbKjTpenAEX7sBF1KmRKX.exe"
C:\Users\Admin\AppData\Roaming\3568807.exe
"C:\Users\Admin\AppData\Roaming\3568807.exe"
C:\Users\Admin\AppData\Roaming\8114088.exe
"C:\Users\Admin\AppData\Roaming\8114088.exe"
C:\Users\Admin\AppData\Roaming\8698367.exe
"C:\Users\Admin\AppData\Roaming\8698367.exe"
C:\Users\Admin\AppData\Roaming\4519590.exe
"C:\Users\Admin\AppData\Roaming\4519590.exe"
C:\Users\Admin\AppData\Local\Temp\is-9UC12.tmp\lpWtbKjTpenAEX7sBF1KmRKX.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9UC12.tmp\lpWtbKjTpenAEX7sBF1KmRKX.tmp" /SL5="$601F6,138429,56832,C:\Users\Admin\Documents\lpWtbKjTpenAEX7sBF1KmRKX.exe"
C:\Users\Admin\AppData\Roaming\4659369.exe
"C:\Users\Admin\AppData\Roaming\4659369.exe"
C:\Users\Admin\AppData\Roaming\6944905.exe
"C:\Users\Admin\AppData\Roaming\6944905.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe
"C:\Users\Admin\Documents\1y4i0Jd1zp8RtYtRq5IpF02m.exe"
C:\Users\Admin\AppData\Local\Temp\is-P13D5.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-P13D5.tmp\Setup.exe" /Verysilent
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\Documents\8eRZDfO1sE_ncMOXd4643jpW.exe
"C:\Users\Admin\Documents\8eRZDfO1sE_ncMOXd4643jpW.exe"
C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe
"C:\Users\Admin\Documents\PXGFEvetfo20YxRHZwiGOgov.exe"
C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe
"C:\Users\Admin\Documents\Zl14TiIC4mbFtvvG3BKhBfTz.exe"
C:\Users\Admin\Documents\gqDXzn0ASbKRe8FTudT66X2X.exe
"C:\Users\Admin\Documents\gqDXzn0ASbKRe8FTudT66X2X.exe"
C:\Users\Admin\Documents\ibxINZMiQpR5I32xCvPxH15J.exe
"C:\Users\Admin\Documents\ibxINZMiQpR5I32xCvPxH15J.exe"
C:\Users\Admin\Documents\2ueQSyqopXXNYf8KFCG65Gh4.exe
"C:\Users\Admin\Documents\2ueQSyqopXXNYf8KFCG65Gh4.exe"
C:\Users\Admin\Documents\HIlirLkDZaRA_zLJsSxMganh.exe
"C:\Users\Admin\Documents\HIlirLkDZaRA_zLJsSxMganh.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1780 -ip 1780
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 276
C:\Program Files (x86)\Company\NewProduct\customer3.exe
"C:\Program Files (x86)\Company\NewProduct\customer3.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe"
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
C:\Program Files (x86)\Company\NewProduct\jooyu.exe
"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe"
C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe
"C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe"
C:\Users\Admin\AppData\Local\Temp\note8876.exe
"C:\Users\Admin\AppData\Local\Temp\note8876.exe" end
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\6792303.exe
"C:\Users\Admin\AppData\Roaming\6792303.exe"
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Users\Admin\AppData\Roaming\1750317.exe
"C:\Users\Admin\AppData\Roaming\1750317.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsu5F4E.tmp\tempfile.ps1"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2164 -ip 2164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 5400 -ip 5400
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 5384 -ip 5384
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5400 -s 2392
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5384 -s 2400
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 948 -ip 948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2556
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 5624 -ip 5624
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5624 -s 2260
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsu5F4E.tmp\tempfile.ps1"
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsu5F4E.tmp\tempfile.ps1"
C:\Users\Admin\AppData\Local\Temp\372E.exe
C:\Users\Admin\AppData\Local\Temp\372E.exe
C:\Users\Admin\AppData\Local\Temp\3B55.exe
C:\Users\Admin\AppData\Local\Temp\3B55.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3388 -ip 3388
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 276
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsu5F4E.tmp\tempfile.ps1"
C:\Users\Admin\AppData\Local\Temp\4096.exe
C:\Users\Admin\AppData\Local\Temp\4096.exe
C:\Users\Admin\AppData\Local\Temp\4385.exe
C:\Users\Admin\AppData\Local\Temp\4385.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5144 -ip 5144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 236
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsu5F4E.tmp\tempfile.ps1"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2d055 /state1:0x41c64e6d
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | oneocsp.microsoft.com | udp |
| N/A | 131.253.33.203:80 | oneocsp.microsoft.com | tcp |
| N/A | 20.189.173.14:443 | tcp | |
| N/A | 2.18.105.186:80 | go.microsoft.com | tcp |
| N/A | 20.189.118.208:80 | dmd.metaservices.microsoft.com | tcp |
| N/A | 51.124.78.146:443 | settings-win.data.microsoft.com | tcp |
| N/A | 20.54.110.119:443 | tsfe.trafficshaping.dsp.mp.microsoft.com | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 104.26.4.15:443 | api.db-ip.com | tcp |
| N/A | 104.26.4.15:443 | api.db-ip.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 37.0.8.235:80 | 37.0.8.235 | tcp |
| N/A | 127.0.0.1:49747 | tcp | |
| N/A | 127.0.0.1:49749 | tcp | |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 8.8.8.8:53 | 3freeprivacytoolsforyou.xyz | udp |
| N/A | 8.8.8.8:53 | fsstoragecloudservice.com | udp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 104.21.88.226:80 | i.spesgrt.com | tcp |
| N/A | 8.8.8.8:53 | 22rtdfhjd.club | udp |
| N/A | 8.8.8.8:53 | seymakaymazoglu.com | udp |
| N/A | 8.8.8.8:53 | a.goatagame.com | udp |
| N/A | 77.246.144.104:80 | 3freeprivacytoolsforyou.xyz | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 172.67.162.206:80 | 22rtdfhjd.club | tcp |
| N/A | 104.21.49.131:80 | a.goatagame.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 104.21.49.131:80 | a.goatagame.com | tcp |
| N/A | 52.219.17.58:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 104.21.49.131:443 | a.goatagame.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 111.90.156.58:443 | fsstoragecloudservice.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 52.219.17.58:443 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 52.242.97.97:443 | fe3cr.delivery.mp.microsoft.com | tcp |
| N/A | 34.117.59.81:80 | ipinfo.io | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 104.26.9.187:80 | proxycheck.io | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.219.136.27:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 52.219.136.27:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 104.21.87.184:443 | all-brain-company.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 5.44.45.5:80 | readinglistforjuly1.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 157.240.21.35:443 | www.facebook.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 157.240.21.35:443 | www.facebook.com | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 45.14.49.128:16334 | 45.14.49.128 | tcp |
| N/A | 185.230.143.16:32115 | 185.230.143.16 | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 91.241.19.52:80 | 91.241.19.52 | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 5.44.45.5:80 | readinglistforjuly1.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 20.44.10.123:443 | browser.pipe.aria.microsoft.com | tcp |
| N/A | 20.73.194.208:443 | settings-win.data.microsoft.com | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 224.0.0.251:5353 | udp |
Files
memory/4952-146-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
memory/4344-149-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
memory/572-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
memory/572-163-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/572-164-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/572-165-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/572-168-0x0000000064940000-0x0000000064959000-memory.dmp
memory/572-166-0x0000000064940000-0x0000000064959000-memory.dmp
memory/572-167-0x0000000000400000-0x000000000051D000-memory.dmp
memory/4452-176-0x0000000000000000-mapping.dmp
memory/4444-179-0x0000000000000000-mapping.dmp
memory/4796-180-0x0000000000000000-mapping.dmp
memory/4656-181-0x0000000000000000-mapping.dmp
memory/4112-182-0x0000000000000000-mapping.dmp
memory/572-177-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4464-178-0x0000000000000000-mapping.dmp
memory/4984-183-0x0000000000000000-mapping.dmp
memory/4924-184-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_3.exe
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/4904-185-0x0000000000000000-mapping.dmp
memory/3116-187-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_6.txt
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_5.txt
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_4.txt
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_3.txt
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_2.txt
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_1.txt
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/572-169-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3824-192-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_6.exe
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_5.exe
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_4.exe
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
memory/4736-191-0x0000000000000000-mapping.dmp
memory/772-190-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_2.exe
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
memory/4736-196-0x0000000000990000-0x0000000000991000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS853F72A3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/3472-198-0x0000000000000000-mapping.dmp
memory/5192-201-0x0000000000000000-mapping.dmp
memory/4736-200-0x000000001B600000-0x000000001B602000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
memory/4924-204-0x0000000000B90000-0x0000000000C2D000-memory.dmp
memory/3116-206-0x0000000000A10000-0x0000000000A19000-memory.dmp
memory/5368-207-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\axhub.dat
| MD5 | 99ab358c6f267b09d7a596548654a6ba |
| SHA1 | d5a643074b69be2281a168983e3f6bef7322f676 |
| SHA256 | 586339f93c9c0eed8a42829ab307f2c5381a636edbcf80df3770c27555034380 |
| SHA512 | 952040785a3c1dcaea613d2e0d46745d5b631785d26de018fd9f85f8485161d056bf67b19c96ae618d35de5d5991a0dd549d749949faea7a2e0f9991a1aa2b2b |
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
memory/5764-214-0x0000000000000000-mapping.dmp
memory/5752-213-0x0000000000000000-mapping.dmp
memory/5740-212-0x0000000000000000-mapping.dmp
memory/5728-211-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\_f2sJ5S2ZhEnlM42EeHXplIV.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\_f2sJ5S2ZhEnlM42EeHXplIV.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\T8xDAZMgqa3KJVG0JU7sPHTh.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
C:\Users\Admin\Documents\T8xDAZMgqa3KJVG0JU7sPHTh.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
memory/5812-219-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\9euI9Lu3UBMqFnhjQtXIU_y0.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe
| MD5 | f8d92d2f91fd134e57b6764c0eba5de3 |
| SHA1 | 1ed71b2e5a398c1c1bc5f33cfe462d471a48fa52 |
| SHA256 | 420379eae2cab153a4f538c5c9b68d848e78d5c336c8e7e13a923913eb9ba32c |
| SHA512 | 47d514492022932bb03f771d51bb1909235f9ebf7152b502e2412052628ff85c0342de42b4da8644c820b8bcf1e52fcace0fbc82c32c6216b4c2da56cf5eac71 |
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
| MD5 | 47e86cc0cafdce94d5c05a5c9c5c388e |
| SHA1 | de4fcbdcc06a0d748a82666bfc1ec4e4a08e5be6 |
| SHA256 | 1d7d718be5b978fedd1124fa44831ba54af5bda0507f6eee05a0a8c8d9badda1 |
| SHA512 | e8d4012ee736c1d256e03bd1756ebd5a0349c0b77903bf71ad80cf40ee3c586e32b1e1278bd54b6b58b58152a9382a4726b8242b98ac4665ba1d0ebecb50e47e |
C:\Users\Admin\Documents\bDqRzXdCTpLzYyoSz_dPvBT8.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
memory/5764-231-0x0000000000960000-0x0000000000961000-memory.dmp
memory/5740-237-0x00000000058A0000-0x00000000058A1000-memory.dmp
memory/5812-235-0x0000000000180000-0x0000000000181000-memory.dmp
memory/5740-232-0x0000000000870000-0x0000000000871000-memory.dmp
C:\Users\Admin\Documents\bDqRzXdCTpLzYyoSz_dPvBT8.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
memory/6104-241-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\4UdLc_mFcwqveMWoPB9bFRnK.exe
| MD5 | f8d92d2f91fd134e57b6764c0eba5de3 |
| SHA1 | 1ed71b2e5a398c1c1bc5f33cfe462d471a48fa52 |
| SHA256 | 420379eae2cab153a4f538c5c9b68d848e78d5c336c8e7e13a923913eb9ba32c |
| SHA512 | 47d514492022932bb03f771d51bb1909235f9ebf7152b502e2412052628ff85c0342de42b4da8644c820b8bcf1e52fcace0fbc82c32c6216b4c2da56cf5eac71 |
C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\58wjr4PU89QYrNHU_4CgnrYq.exe
| MD5 | 47e86cc0cafdce94d5c05a5c9c5c388e |
| SHA1 | de4fcbdcc06a0d748a82666bfc1ec4e4a08e5be6 |
| SHA256 | 1d7d718be5b978fedd1124fa44831ba54af5bda0507f6eee05a0a8c8d9badda1 |
| SHA512 | e8d4012ee736c1d256e03bd1756ebd5a0349c0b77903bf71ad80cf40ee3c586e32b1e1278bd54b6b58b58152a9382a4726b8242b98ac4665ba1d0ebecb50e47e |
C:\Users\Admin\Documents\9euI9Lu3UBMqFnhjQtXIU_y0.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
memory/5788-216-0x0000000000000000-mapping.dmp
memory/5776-215-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\1S1NA2Zmby7lsGyRexfuLYjt.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\1S1NA2Zmby7lsGyRexfuLYjt.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
memory/5740-244-0x00000000052F0000-0x00000000052F1000-memory.dmp
memory/5752-243-0x0000000004880000-0x000000000491D000-memory.dmp
memory/6128-242-0x0000000000000000-mapping.dmp
memory/6048-245-0x0000000000400000-0x0000000000409000-memory.dmp
memory/6048-240-0x0000000000000000-mapping.dmp
memory/5788-249-0x0000000002D80000-0x0000000002D8A000-memory.dmp
C:\Users\Admin\Documents\oarWi7uU2p8LHM4_EpbluQY3.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
memory/5740-254-0x0000000005400000-0x0000000005401000-memory.dmp
memory/6128-258-0x0000000000D30000-0x0000000000D31000-memory.dmp
memory/5740-256-0x0000000005E50000-0x0000000005E51000-memory.dmp
memory/5812-253-0x0000000000940000-0x0000000000955000-memory.dmp
C:\Users\Admin\Documents\oarWi7uU2p8LHM4_EpbluQY3.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
memory/5244-261-0x0000000000000000-mapping.dmp
memory/6128-260-0x0000000002CB0000-0x0000000002CC5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | a6279ec92ff948760ce53bba817d6a77 |
| SHA1 | 5345505e12f9e4c6d569a226d50e71b5a572dce2 |
| SHA256 | 8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181 |
| SHA512 | 213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | a6279ec92ff948760ce53bba817d6a77 |
| SHA1 | 5345505e12f9e4c6d569a226d50e71b5a572dce2 |
| SHA256 | 8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181 |
| SHA512 | 213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c |
C:\Users\Admin\Documents\x7FTjuwTomibB8p06AVC8eBD.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
memory/5740-264-0x0000000005230000-0x00000000052C2000-memory.dmp
memory/6104-265-0x0000000002E50000-0x0000000002E59000-memory.dmp
memory/5764-268-0x00000000053D0000-0x0000000005976000-memory.dmp
memory/5740-267-0x00000000053F0000-0x00000000053F1000-memory.dmp
memory/6128-269-0x000000001BA60000-0x000000001BA62000-memory.dmp
memory/5812-266-0x000000001AED0000-0x000000001AED2000-memory.dmp
memory/5764-271-0x0000000005780000-0x0000000005781000-memory.dmp
memory/5776-272-0x00000000007C0000-0x00000000007C1000-memory.dmp
memory/4444-274-0x0000000000000000-mapping.dmp
memory/5776-275-0x0000000005F60000-0x0000000005F61000-memory.dmp
memory/5776-278-0x00000000057D0000-0x00000000057D1000-memory.dmp
memory/5400-280-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\3568807.exe
| MD5 | fabab477a6e10cea86bc448c20e0d522 |
| SHA1 | 24a1d01b18930308aa7ffd85f32c32171f5d3355 |
| SHA256 | 6dabfe3090b7dd3b0742c0db345e7eac9046c5e25ebc7246d94e7853d63f3518 |
| SHA512 | 8d7413b256ce16289535401fd6a7c2148f6a02b647da92d135e98e437c4ee45c058f8db5b35e68da5e820260f0176db337dd75f9beba07643791bdbdadf3b0f8 |
C:\Users\Admin\Documents\lpWtbKjTpenAEX7sBF1KmRKX.exe
| MD5 | 908fa1446bc3cc61c7f05e0f56067705 |
| SHA1 | 195948e4b235aa486ffe4f3c22fa5bcea4bb8ea4 |
| SHA256 | b2ff33ba5fb21b6ac2d560930be90451eb2197b75c781d162bf321149fe1323f |
| SHA512 | ee616b7b82177086ae749e145837eb895b5a9a1852830bed3f8d38939d4aa3c8b6a383b5be90e957a3fb5e4af298b108a0e7fa0ae1bcd4fe96791e137b0dcce0 |
C:\Users\Admin\Documents\lpWtbKjTpenAEX7sBF1KmRKX.exe
| MD5 | 908fa1446bc3cc61c7f05e0f56067705 |
| SHA1 | 195948e4b235aa486ffe4f3c22fa5bcea4bb8ea4 |
| SHA256 | b2ff33ba5fb21b6ac2d560930be90451eb2197b75c781d162bf321149fe1323f |
| SHA512 | ee616b7b82177086ae749e145837eb895b5a9a1852830bed3f8d38939d4aa3c8b6a383b5be90e957a3fb5e4af298b108a0e7fa0ae1bcd4fe96791e137b0dcce0 |
memory/5396-286-0x0000000000000000-mapping.dmp
memory/5384-285-0x0000000000000000-mapping.dmp
memory/5776-284-0x0000000005940000-0x0000000005941000-memory.dmp
C:\Users\Admin\AppData\Roaming\8114088.exe
| MD5 | 1d095bc417db73c6bc6e4c4e7b43106f |
| SHA1 | db7e49df1fb5a0a665976f98ff7128aeba40c5f3 |
| SHA256 | b529e11f2a855b7e7bca65ac994be9dc81191c7fe1b720addb90b98da33e7fee |
| SHA512 | 3d255ee420aa7eb0f5f28e060d968bf4369f4be3fc8f07bd32c5482fea055e8103347440d41d17d847c5b2b2d3fb2e3a40356db1a33911c0b25828739a88a097 |
C:\Users\Admin\AppData\Roaming\3568807.exe
| MD5 | fabab477a6e10cea86bc448c20e0d522 |
| SHA1 | 24a1d01b18930308aa7ffd85f32c32171f5d3355 |
| SHA256 | 6dabfe3090b7dd3b0742c0db345e7eac9046c5e25ebc7246d94e7853d63f3518 |
| SHA512 | 8d7413b256ce16289535401fd6a7c2148f6a02b647da92d135e98e437c4ee45c058f8db5b35e68da5e820260f0176db337dd75f9beba07643791bdbdadf3b0f8 |
memory/5504-283-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-9UC12.tmp\lpWtbKjTpenAEX7sBF1KmRKX.tmp
| MD5 | ffcf263a020aa7794015af0edee5df0b |
| SHA1 | bce1eb5f0efb2c83f416b1782ea07c776666fdab |
| SHA256 | 1d07cfb7104b85fc0dffd761f6848ad176117e146bbb4079fe993efa06b94c64 |
| SHA512 | 49f2b062adfb99c0c7f1012c56f0b52a8850d9f030cc32073b90025b372e4eb373f06a351e9b33264967427b8174c060c8a6110979f0eaf0872f7da6d5e4308a |
C:\Users\Admin\AppData\Roaming\8114088.exe
| MD5 | 1d095bc417db73c6bc6e4c4e7b43106f |
| SHA1 | db7e49df1fb5a0a665976f98ff7128aeba40c5f3 |
| SHA256 | b529e11f2a855b7e7bca65ac994be9dc81191c7fe1b720addb90b98da33e7fee |
| SHA512 | 3d255ee420aa7eb0f5f28e060d968bf4369f4be3fc8f07bd32c5482fea055e8103347440d41d17d847c5b2b2d3fb2e3a40356db1a33911c0b25828739a88a097 |
memory/4440-300-0x0000000000000000-mapping.dmp
memory/5728-299-0x0000026A5B590000-0x0000026A5B5FF000-memory.dmp
C:\Users\Admin\AppData\Roaming\8698367.exe
| MD5 | faa4540e9de679f1ccebd8919086707b |
| SHA1 | 244b5ca95e41f263e8357bb9ca5343623f07afe3 |
| SHA256 | c1dd8fb190e95d8530a42bec831fcffbfdad0b6091d79008dc6828ef1587b44e |
| SHA512 | 65f0d2baf3a3db9c77ed4607978e1ddae1513b60b1678fcab08bde0e1417f8381d62be2c546c9c674d3206fd5711e7482286831be93ccd8fd0abd137b2cab9ac |
memory/5504-304-0x0000000000840000-0x0000000000841000-memory.dmp
memory/948-301-0x0000000000000000-mapping.dmp
memory/5728-302-0x0000026A5B600000-0x0000026A5B6CF000-memory.dmp
memory/5384-305-0x0000000000940000-0x0000000000941000-memory.dmp
memory/5400-309-0x00000000024D0000-0x00000000024FB000-memory.dmp
memory/948-310-0x0000000000F00000-0x0000000000F01000-memory.dmp
memory/5396-307-0x00000000031C0000-0x00000000031FC000-memory.dmp
memory/4444-296-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5776-290-0x0000000005830000-0x0000000005831000-memory.dmp
C:\Users\Admin\AppData\Roaming\8698367.exe
| MD5 | faa4540e9de679f1ccebd8919086707b |
| SHA1 | 244b5ca95e41f263e8357bb9ca5343623f07afe3 |
| SHA256 | c1dd8fb190e95d8530a42bec831fcffbfdad0b6091d79008dc6828ef1587b44e |
| SHA512 | 65f0d2baf3a3db9c77ed4607978e1ddae1513b60b1678fcab08bde0e1417f8381d62be2c546c9c674d3206fd5711e7482286831be93ccd8fd0abd137b2cab9ac |
memory/3620-292-0x0000000000000000-mapping.dmp
memory/5400-291-0x0000000000320000-0x0000000000321000-memory.dmp
memory/5504-312-0x00000000011D0000-0x00000000011D7000-memory.dmp
memory/5396-314-0x00000000021A0000-0x00000000021A1000-memory.dmp
memory/5776-316-0x0000000005930000-0x0000000005931000-memory.dmp
memory/5384-317-0x00000000028E0000-0x00000000028E1000-memory.dmp
memory/5400-319-0x000000001B3F0000-0x000000001B3F1000-memory.dmp
memory/5396-322-0x0000000005A50000-0x0000000005A51000-memory.dmp
memory/4440-321-0x0000000000100000-0x0000000000101000-memory.dmp
memory/5396-326-0x0000000005A60000-0x0000000005A61000-memory.dmp
memory/5400-325-0x000000001BAF0000-0x000000001BAF1000-memory.dmp
memory/5776-323-0x00000000058B0000-0x00000000058B1000-memory.dmp
memory/5384-327-0x000000001B710000-0x000000001B712000-memory.dmp
memory/5400-328-0x0000000002500000-0x0000000002502000-memory.dmp
memory/5396-329-0x0000000005A70000-0x0000000005A71000-memory.dmp
memory/5396-333-0x0000000005A90000-0x0000000005A91000-memory.dmp
memory/5396-331-0x0000000005A80000-0x0000000005A81000-memory.dmp
memory/5396-335-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/5396-336-0x0000000005AB0000-0x0000000005AB1000-memory.dmp
memory/5384-334-0x00000000028F0000-0x0000000002924000-memory.dmp
memory/948-320-0x0000000005830000-0x0000000005831000-memory.dmp
memory/3100-318-0x0000000004B00000-0x0000000004B16000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | a174d42aebd9b07b023f7508e05c279b |
| SHA1 | f70cd24ba0b5b801a04111a9c5b5ec324926c7c3 |
| SHA256 | fef48e8c21cc4c8f7ebf5580d2488df5793dba5589c7e042934ea1a0b4c9beb2 |
| SHA512 | 4897e43aedf30651a450ed3e978c35e76e51d9f001ddf9353d62a8f375cb2f5caf203603dc463a9bf6f1f866b0943acd00734a222fce17721705d7e3329825ef |
memory/5396-338-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
memory/5396-344-0x0000000005AE0000-0x0000000005AE1000-memory.dmp
memory/5632-340-0x0000000000000000-mapping.dmp
memory/5396-347-0x0000000005AF0000-0x0000000005AF1000-memory.dmp
memory/5396-348-0x0000000005B00000-0x0000000005B01000-memory.dmp
memory/5396-349-0x0000000005B10000-0x0000000005B11000-memory.dmp
memory/5384-346-0x0000000002930000-0x0000000002931000-memory.dmp
memory/5396-350-0x0000000005B20000-0x0000000005B21000-memory.dmp
memory/5396-357-0x0000000005B40000-0x0000000005B41000-memory.dmp
memory/5396-354-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/5396-362-0x0000000005B60000-0x0000000005B61000-memory.dmp
memory/5396-359-0x0000000005B50000-0x0000000005B51000-memory.dmp
memory/5632-345-0x0000000000400000-0x0000000000455000-memory.dmp
memory/5296-339-0x0000000000000000-mapping.dmp
memory/5400-342-0x000000001B270000-0x000000001B271000-memory.dmp
memory/4440-341-0x0000000007120000-0x0000000007152000-memory.dmp
memory/5396-337-0x0000000005AC0000-0x0000000005AC1000-memory.dmp
memory/5560-368-0x0000000000000000-mapping.dmp
memory/3620-378-0x00000000011B0000-0x00000000011B1000-memory.dmp
memory/4440-377-0x0000000004A90000-0x0000000004A91000-memory.dmp
memory/5560-386-0x00000000059C0000-0x00000000059C1000-memory.dmp
memory/704-387-0x0000000000000000-mapping.dmp
memory/1168-390-0x0000000000000000-mapping.dmp
memory/1124-389-0x0000000000000000-mapping.dmp
memory/5600-395-0x0000000000000000-mapping.dmp
memory/1780-394-0x0000000000000000-mapping.dmp
memory/708-391-0x0000000000000000-mapping.dmp
memory/1892-396-0x0000000000000000-mapping.dmp
memory/1168-398-0x0000000000A10000-0x0000000000A20000-memory.dmp
memory/2164-400-0x0000000000000000-mapping.dmp
memory/1168-399-0x0000000000A30000-0x0000000000A42000-memory.dmp
memory/5268-401-0x0000000000000000-mapping.dmp
memory/3932-407-0x0000000000000000-mapping.dmp
memory/1780-406-0x00000000049A0000-0x0000000004A3D000-memory.dmp
memory/5268-416-0x000000001BA70000-0x000000001BA72000-memory.dmp
memory/6124-414-0x0000000000000000-mapping.dmp
memory/3492-421-0x0000000000000000-mapping.dmp
memory/2960-422-0x0000000000000000-mapping.dmp
memory/5472-427-0x0000000000000000-mapping.dmp
memory/3276-426-0x0000000000000000-mapping.dmp
memory/1452-429-0x0000000000000000-mapping.dmp
memory/5236-425-0x0000000000000000-mapping.dmp
memory/3932-436-0x0000000005860000-0x0000000005E78000-memory.dmp
memory/5320-434-0x0000000000000000-mapping.dmp
memory/6124-463-0x000001E202D40000-0x000001E202DAE000-memory.dmp
memory/6124-464-0x000001E202DB0000-0x000001E202E7F000-memory.dmp
memory/4452-470-0x0000000000000000-mapping.dmp
memory/4460-469-0x0000000000000000-mapping.dmp
memory/5600-473-0x00000000034C0000-0x00000000034C1000-memory.dmp
memory/5624-476-0x0000000000000000-mapping.dmp
memory/5568-482-0x0000000000000000-mapping.dmp
memory/5236-484-0x0000024D1B2E0000-0x0000024D1B3AF000-memory.dmp
memory/1892-475-0x0000000005D80000-0x0000000005D81000-memory.dmp
memory/5424-474-0x0000000000000000-mapping.dmp
memory/5624-501-0x000000001B170000-0x000000001B172000-memory.dmp
memory/2164-515-0x00000000015B0000-0x0000000001ED6000-memory.dmp
memory/1780-530-0x0000000003812000-0x0000000003813000-memory.dmp
memory/1780-527-0x0000000003810000-0x0000000003811000-memory.dmp
memory/4568-546-0x0000000005140000-0x0000000005141000-memory.dmp
memory/1780-571-0x0000000003815000-0x0000000003817000-memory.dmp
memory/1428-668-0x0000000006C60000-0x0000000006C61000-memory.dmp
memory/1428-669-0x0000000006C62000-0x0000000006C63000-memory.dmp
memory/1428-674-0x0000000006C65000-0x0000000006C67000-memory.dmp
memory/4160-712-0x00000000066D0000-0x00000000066D1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-08-13 10:16
Reported
2021-08-13 10:43
Platform
win11
Max time kernel
123s
Max time network
472s
Command Line
Signatures
Glupteba
Glupteba Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
MetaSploit
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe |
Raccoon
Raccoon Stealer Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Nirsoft
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.exe" | C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" | C:\Users\Admin\AppData\Roaming\7749277.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\ | C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Weather = "C:\\Users\\Admin\\AppData\\Roaming\\Weather\\Weather.exe --Kx45G9qPr" | C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4464 set thread context of 3656 | N/A | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe |
| PID 3572 set thread context of 5020 | N/A | C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe | C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe |
| PID 2372 set thread context of 5420 | N/A | C:\Users\Admin\AppData\Local\Temp\FD06.exe | C:\Users\Admin\AppData\Local\Temp\FD06.exe |
| PID 3036 set thread context of 4960 | N/A | C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe | C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\Uninstall.exe | C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\d | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\Uninstall.ini | C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\d | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\d.INTEG.RAW | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\tmp.edb | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\d.jfm | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\d.jfm | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\customer3.exe | C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\jooyu.exe | C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\resources.pak | C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\f74e66e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF563.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI76D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4ED8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\AppCompat\Programs\Amcache.hve.tmp | C:\Windows\SysWOW64\WerFault.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF6BC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF7E6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI41E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.override | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF013.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF93E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4AB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI50A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF9A87D2CFA9B3ABED.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B59E6947-D960-4A88-902E-F387AFD7DF1F} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFCFB29CBEDC3AAFD.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFE727E7B6D18AA69F.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f74e66e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFAC6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI605.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF53650BBE070BD8E5.TMP | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f8278c54-a712-415b-b593-b77a2be0dda9}\Instance\ | N/A | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e5c0000000100000004000000001000002000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\2289649.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_4.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\nm4v4nX6q8r69thUpH5Vd9Ga.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\vO2_yRX_ZljMrGdzV5L7u2tB.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\8499124.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\3369564.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\6440941.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-1G98S.tmp\S_E0CVI67McL3LWYzINfS7m4.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E768.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8 (30).exe
"C:\Users\Admin\AppData\Local\Temp\8 (30).exe"
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\setup_install.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\System32\pcaui.exe
C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_6.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_7.exe
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_2.exe
sonia_2.exe
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_1.exe
sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_5.exe
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_5.exe
sonia_5.exe
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_3.exe
sonia_3.exe
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_4.exe
sonia_4.exe
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_6.exe
sonia_6.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4100 -ip 4100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 576
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_1.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_1.exe" -a
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2528 -ip 2528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 244
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3608 -ip 3608
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 240
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5072 -ip 5072
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 448
C:\Users\Admin\Documents\n89VBckFKsj9xfDOZqaqaA1P.exe
"C:\Users\Admin\Documents\n89VBckFKsj9xfDOZqaqaA1P.exe"
C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe
"C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe"
C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe
"C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe"
C:\Users\Admin\Documents\SiJIi3_WqIkqQvI5QPMCmoGS.exe
"C:\Users\Admin\Documents\SiJIi3_WqIkqQvI5QPMCmoGS.exe"
C:\Users\Admin\Documents\uJ9mYHAvuwIgAm_x05uSaMSM.exe
"C:\Users\Admin\Documents\uJ9mYHAvuwIgAm_x05uSaMSM.exe"
C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe
"C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe"
C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe
"C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe"
C:\Users\Admin\Documents\UgLqpNcd72FQ5h4nmHT3P_Zo.exe
"C:\Users\Admin\Documents\UgLqpNcd72FQ5h4nmHT3P_Zo.exe"
C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe
"C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe"
C:\Users\Admin\Documents\Ki5oiMd0OUghu0IYj3jTOKQO.exe
"C:\Users\Admin\Documents\Ki5oiMd0OUghu0IYj3jTOKQO.exe"
C:\Users\Admin\Documents\nm4v4nX6q8r69thUpH5Vd9Ga.exe
"C:\Users\Admin\Documents\nm4v4nX6q8r69thUpH5Vd9Ga.exe"
C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe
"C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 672 -ip 672
C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe
"C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe"
C:\Users\Admin\Documents\2p7n8ODwQ7ewZod5XCq7_Pyh.exe
"C:\Users\Admin\Documents\2p7n8ODwQ7ewZod5XCq7_Pyh.exe"
C:\Users\Admin\Documents\NVdmt6iXrXMJzlA2t58Tdg3O.exe
"C:\Users\Admin\Documents\NVdmt6iXrXMJzlA2t58Tdg3O.exe"
C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe
"C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe"
C:\Users\Admin\Documents\SYQiuZH20mLYHs2aooMg596X.exe
"C:\Users\Admin\Documents\SYQiuZH20mLYHs2aooMg596X.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3196 -ip 3196
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1188 -ip 1188
C:\Users\Admin\Documents\S_E0CVI67McL3LWYzINfS7m4.exe
"C:\Users\Admin\Documents\S_E0CVI67McL3LWYzINfS7m4.exe"
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\Company\NewProduct\customer3.exe
"C:\Program Files (x86)\Company\NewProduct\customer3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 280
C:\Program Files (x86)\Company\NewProduct\jooyu.exe
"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
C:\Users\Admin\AppData\Local\Temp\is-1G98S.tmp\S_E0CVI67McL3LWYzINfS7m4.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1G98S.tmp\S_E0CVI67McL3LWYzINfS7m4.tmp" /SL5="$20254,138429,56832,C:\Users\Admin\Documents\S_E0CVI67McL3LWYzINfS7m4.exe"
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 276
C:\Users\Admin\Documents\vO2_yRX_ZljMrGdzV5L7u2tB.exe
"C:\Users\Admin\Documents\vO2_yRX_ZljMrGdzV5L7u2tB.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 460 -ip 460
C:\Users\Admin\AppData\Roaming\8499124.exe
"C:\Users\Admin\AppData\Roaming\8499124.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 460 -s 240
C:\Users\Admin\AppData\Roaming\7749277.exe
"C:\Users\Admin\AppData\Roaming\7749277.exe"
C:\Users\Admin\AppData\Roaming\8892045.exe
"C:\Users\Admin\AppData\Roaming\8892045.exe"
C:\Users\Admin\AppData\Roaming\3369564.exe
"C:\Users\Admin\AppData\Roaming\3369564.exe"
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\1895660.exe
"C:\Users\Admin\AppData\Roaming\1895660.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\6440941.exe
"C:\Users\Admin\AppData\Roaming\6440941.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3188 -ip 3188
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 1072
C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-RDSNM.tmp\Setup.exe" /Verysilent
C:\Users\Admin\AppData\Roaming\1206345.exe
"C:\Users\Admin\AppData\Roaming\1206345.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 740 -ip 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"
C:\Users\Admin\AppData\Roaming\5891405.exe
"C:\Users\Admin\AppData\Roaming\5891405.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" /quiet SILENT=1 AF=715 BF=715
C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2016 -ip 2016
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe"
C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe
"C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 280
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
C:\Users\Admin\AppData\Local\Temp\is-EN178.tmp\GameBoxWin32.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EN178.tmp\GameBoxWin32.tmp" /SL5="$20270,506127,422400,C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe
C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5020 -ip 5020
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 28
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe" -a
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\6887135.exe
"C:\Users\Admin\AppData\Roaming\6887135.exe"
C:\Users\Admin\AppData\Roaming\2289649.exe
"C:\Users\Admin\AppData\Roaming\2289649.exe"
C:\Users\Admin\AppData\Roaming\6887761.exe
"C:\Users\Admin\AppData\Roaming\6887761.exe"
C:\Users\Admin\AppData\Roaming\8867950.exe
"C:\Users\Admin\AppData\Roaming\8867950.exe"
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5548 -ip 5548
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 456
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 50E866EA6705FE7F33CCA191CA54163A C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 747F8F74F6DCA73A99AFC23C3823EA88 C
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 640 -p 4396 -ip 4396
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590693 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590693 /qn CAMPAIGN=""710"" " CAMPAIGN="710"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4396 -s 2340
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1488 -ip 1488
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1488 -s 2432
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 708 -p 1108 -ip 1108
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1108 -s 2440
C:\Users\Admin\AppData\Local\Temp\E768.exe
C:\Users\Admin\AppData\Local\Temp\E768.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5116 -ip 5116
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 2548
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 624 -p 5024 -ip 5024
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5F8CDB0F9F947B867D7BF33D90030772
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5024 -s 2328
C:\Users\Admin\AppData\Local\Temp\F0EE.exe
C:\Users\Admin\AppData\Local\Temp\F0EE.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5536 -ip 5536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 228
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5E7D85130AAA2DA43D1BD8E9DC834AB8 C
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5212 -ip 5212
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 2532
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590693 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"
C:\Users\Admin\AppData\Local\Temp\F98A.exe
C:\Users\Admin\AppData\Local\Temp\F98A.exe
C:\Users\Admin\AppData\Local\Temp\FD06.exe
C:\Users\Admin\AppData\Local\Temp\FD06.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\322.exe
C:\Users\Admin\AppData\Local\Temp\322.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3268 -ip 3268
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4260 -ip 4260
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1524 -ip 1524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 872
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Local\Temp\FD06.exe
C:\Users\Admin\AppData\Local\Temp\FD06.exe
C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"
C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe" -silent=1 -AF=715 -BF=715 -uncf=default
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\FD06.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /T 10 /NOBREAK
C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe
"C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe"
C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
"C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" "--Kx45G9qPr"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_A9FC.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites' -retry_count 10"
Network
| Country | Destination | Domain | Proto |
| N/A | 95.101.206.92:80 | go.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | slscr.update.microsoft.com | udp |
| N/A | 52.152.110.14:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.152.108.96:443 | fe3cr.delivery.mp.microsoft.com | tcp |
| N/A | 52.152.110.14:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.247.37.26:80 | dmd.metaservices.microsoft.com | tcp |
| N/A | 52.152.110.14:443 | slscr.update.microsoft.com | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 37.0.8.235:80 | 37.0.8.235 | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:49753 | tcp | |
| N/A | 127.0.0.1:49755 | tcp | |
| N/A | 157.240.27.35:443 | www.facebook.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | drkapoorclinic.com | udp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | seymakaymazoglu.com | udp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | fsstoragecloudservice.com | udp |
| N/A | 104.21.88.226:80 | i.spesgrt.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 52.219.4.75:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 77.246.144.104:80 | 3freeprivacytoolsforyou.xyz | tcp |
| N/A | 172.67.145.110:80 | a.goatagame.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 162.159.130.233:80 | cdn.discordapp.com | tcp |
| N/A | 172.67.145.110:80 | a.goatagame.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.89.171:80 | 22rtdfhjd.club | tcp |
| N/A | 172.67.145.110:443 | a.goatagame.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 111.90.156.58:443 | fsstoragecloudservice.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 52.219.4.75:443 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 34.117.59.81:80 | ipinfo.io | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 104.26.8.187:80 | proxycheck.io | tcp |
| N/A | 52.219.136.202:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 52.219.136.202:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 157.240.27.35:443 | www.facebook.com | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 185.230.143.16:32115 | tcp | |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 45.14.49.128:16334 | 45.14.49.128 | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 104.21.14.85:443 | getdesignusa.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 104.21.14.85:443 | getdesignusa.xyz | tcp |
| N/A | 104.21.87.184:443 | all-brain-company.xyz | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 104.21.14.85:443 | getdesignusa.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 104.21.14.85:443 | getdesignusa.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 146.185.239.6:80 | readinglistforjuly1.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 104.21.87.184:443 | all-brain-company.xyz | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 91.241.19.52:80 | 91.241.19.52 | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 52.5.82.174:443 | didiserver.herokuapp.com | tcp |
| N/A | 146.185.239.6:80 | readinglistforjuly1.xyz | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 88.218.92.49:80 | imgs.googlwaa.com | tcp |
| N/A | 185.230.143.16:32115 | 185.230.143.16 | tcp |
| N/A | 176.9.93.201:443 | s3.tebi.io | tcp |
| N/A | 104.73.131.204:80 | x1.c.lencr.org | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.230.143.16:32115 | 185.230.143.16 | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 195.201.225.248:443 | telete.in | tcp |
| N/A | 45.67.231.40:80 | 45.67.231.40 | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 142.250.179.174:80 | www.google-analytics.com | tcp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 52.5.82.174:443 | didiserver.herokuapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
Files
memory/4924-146-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
memory/4704-149-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
memory/4100-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
memory/4100-164-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/4100-165-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/4100-166-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4100-169-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4100-168-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4100-167-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/4100-170-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4100-171-0x0000000000400000-0x000000000051D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_1.txt
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/788-178-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_6.txt
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_5.txt
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_4.txt
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_3.txt
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_2.txt
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
memory/3200-179-0x0000000000000000-mapping.dmp
memory/888-180-0x0000000000000000-mapping.dmp
memory/1104-181-0x0000000000000000-mapping.dmp
memory/1200-183-0x0000000000000000-mapping.dmp
memory/2560-185-0x0000000000000000-mapping.dmp
memory/1516-182-0x0000000000000000-mapping.dmp
memory/2088-184-0x0000000000000000-mapping.dmp
memory/2528-186-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_2.exe
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
memory/5052-191-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_5.exe
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_4.exe
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
memory/5104-192-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_3.exe
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
memory/3616-196-0x0000000000790000-0x0000000000791000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_6.exe
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
memory/3608-190-0x0000000000000000-mapping.dmp
memory/3616-189-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC335A5A3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/3852-199-0x0000000000000000-mapping.dmp
memory/3616-201-0x000000001B470000-0x000000001B472000-memory.dmp
memory/3784-202-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
memory/2528-205-0x0000000000A30000-0x0000000000A39000-memory.dmp
memory/3608-206-0x0000000000AD0000-0x0000000000B6D000-memory.dmp
memory/5072-208-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\axhub.dat
| MD5 | 99ab358c6f267b09d7a596548654a6ba |
| SHA1 | d5a643074b69be2281a168983e3f6bef7322f676 |
| SHA256 | 586339f93c9c0eed8a42829ab307f2c5381a636edbcf80df3770c27555034380 |
| SHA512 | 952040785a3c1dcaea613d2e0d46745d5b631785d26de018fd9f85f8485161d056bf67b19c96ae618d35de5d5991a0dd549d749949faea7a2e0f9991a1aa2b2b |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
memory/3864-216-0x0000000000000000-mapping.dmp
memory/5092-215-0x0000000000000000-mapping.dmp
memory/3572-214-0x0000000000000000-mapping.dmp
memory/3036-213-0x0000000000000000-mapping.dmp
memory/672-212-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe
| MD5 | 47e86cc0cafdce94d5c05a5c9c5c388e |
| SHA1 | de4fcbdcc06a0d748a82666bfc1ec4e4a08e5be6 |
| SHA256 | 1d7d718be5b978fedd1124fa44831ba54af5bda0507f6eee05a0a8c8d9badda1 |
| SHA512 | e8d4012ee736c1d256e03bd1756ebd5a0349c0b77903bf71ad80cf40ee3c586e32b1e1278bd54b6b58b58152a9382a4726b8242b98ac4665ba1d0ebecb50e47e |
C:\Users\Admin\Documents\n89VBckFKsj9xfDOZqaqaA1P.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\_Zc9whaKfl_JLWu6W0FAWmK1.exe
| MD5 | f8d92d2f91fd134e57b6764c0eba5de3 |
| SHA1 | 1ed71b2e5a398c1c1bc5f33cfe462d471a48fa52 |
| SHA256 | 420379eae2cab153a4f538c5c9b68d848e78d5c336c8e7e13a923913eb9ba32c |
| SHA512 | 47d514492022932bb03f771d51bb1909235f9ebf7152b502e2412052628ff85c0342de42b4da8644c820b8bcf1e52fcace0fbc82c32c6216b4c2da56cf5eac71 |
memory/3572-233-0x0000000000F50000-0x0000000000F51000-memory.dmp
memory/3572-240-0x0000000005F70000-0x0000000005F71000-memory.dmp
C:\Users\Admin\Documents\UgLqpNcd72FQ5h4nmHT3P_Zo.exe
| MD5 | 2654d11f2d3ce974e432ad1c84bcd1f7 |
| SHA1 | 053efdc46790dd1b49e93863df59c83c39342c8f |
| SHA256 | df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51 |
| SHA512 | 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7 |
C:\Users\Admin\Documents\UgLqpNcd72FQ5h4nmHT3P_Zo.exe
| MD5 | 2654d11f2d3ce974e432ad1c84bcd1f7 |
| SHA1 | 053efdc46790dd1b49e93863df59c83c39342c8f |
| SHA256 | df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51 |
| SHA512 | 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7 |
memory/5072-237-0x0000000000000000-mapping.dmp
memory/3864-234-0x00000000002B0000-0x00000000002B1000-memory.dmp
memory/740-232-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\uJ9mYHAvuwIgAm_x05uSaMSM.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
C:\Users\Admin\Documents\n89VBckFKsj9xfDOZqaqaA1P.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\uJ9mYHAvuwIgAm_x05uSaMSM.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
C:\Users\Admin\Documents\X5Gdy6gNFU_e8he4pTThuaQ7.exe
| MD5 | 47e86cc0cafdce94d5c05a5c9c5c388e |
| SHA1 | de4fcbdcc06a0d748a82666bfc1ec4e4a08e5be6 |
| SHA256 | 1d7d718be5b978fedd1124fa44831ba54af5bda0507f6eee05a0a8c8d9badda1 |
| SHA512 | e8d4012ee736c1d256e03bd1756ebd5a0349c0b77903bf71ad80cf40ee3c586e32b1e1278bd54b6b58b58152a9382a4726b8242b98ac4665ba1d0ebecb50e47e |
C:\Users\Admin\Documents\HrIx13CSTMzqSnRS8QfzeiKD.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\SiJIi3_WqIkqQvI5QPMCmoGS.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
C:\Users\Admin\Documents\SiJIi3_WqIkqQvI5QPMCmoGS.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
memory/916-218-0x0000000000000000-mapping.dmp
memory/4464-217-0x0000000000000000-mapping.dmp
memory/3036-245-0x0000000000D50000-0x0000000000D51000-memory.dmp
memory/3572-244-0x0000000005A60000-0x0000000005A61000-memory.dmp
memory/2544-243-0x0000000000000000-mapping.dmp
memory/592-241-0x0000000000000000-mapping.dmp
memory/664-242-0x0000000000000000-mapping.dmp
memory/3196-246-0x0000000000000000-mapping.dmp
memory/4584-254-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\2p7n8ODwQ7ewZod5XCq7_Pyh.exe
| MD5 | ab8781ed006eff23e2f4391e9d87d33c |
| SHA1 | d557dc317e733bcc896a08158c4bc978b524c689 |
| SHA256 | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b |
| SHA512 | 73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69 |
C:\Users\Admin\Documents\2p7n8ODwQ7ewZod5XCq7_Pyh.exe
| MD5 | ab8781ed006eff23e2f4391e9d87d33c |
| SHA1 | d557dc317e733bcc896a08158c4bc978b524c689 |
| SHA256 | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b |
| SHA512 | 73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69 |
C:\Users\Admin\Documents\NVdmt6iXrXMJzlA2t58Tdg3O.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\SYQiuZH20mLYHs2aooMg596X.exe
| MD5 | f550d370e8256649934a6c9052b0803c |
| SHA1 | cb7bc0a067bbbe77b306b87e2b4d3f0e9ce89175 |
| SHA256 | 175b0b3d82bc46f9178ca9051066496e464d846270f5abc7d2b5db01233efbc5 |
| SHA512 | c19ef1e5d893ec8f53bdec76f6f6c23a712d53035c99cb2a9bef23899896d4be1a03378f512fce3c8fd87edbadc5f12fea8b1efbdec164dbd373632933f5b2b9 |
memory/3572-266-0x00000000059C0000-0x0000000005F66000-memory.dmp
memory/592-265-0x00000000007F0000-0x00000000007F1000-memory.dmp
C:\Users\Admin\Documents\NVdmt6iXrXMJzlA2t58Tdg3O.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\SYQiuZH20mLYHs2aooMg596X.exe
| MD5 | f550d370e8256649934a6c9052b0803c |
| SHA1 | cb7bc0a067bbbe77b306b87e2b4d3f0e9ce89175 |
| SHA256 | 175b0b3d82bc46f9178ca9051066496e464d846270f5abc7d2b5db01233efbc5 |
| SHA512 | c19ef1e5d893ec8f53bdec76f6f6c23a712d53035c99cb2a9bef23899896d4be1a03378f512fce3c8fd87edbadc5f12fea8b1efbdec164dbd373632933f5b2b9 |
memory/3656-258-0x0000000000000000-mapping.dmp
memory/672-256-0x00000000049A0000-0x0000000004A3D000-memory.dmp
C:\Users\Admin\Documents\X2_TPiNnV6_dYtMnZrxSY0hp.exe
| MD5 | 060e727c298a99826cabfacfee33321f |
| SHA1 | c94a1ab7b04f8f3bcba8538a901c7ae5f253c9aa |
| SHA256 | 440fe79cbaf72137d3062df26751a1c8cf8b0e1ce56ad66d4fac66cf56cf6a02 |
| SHA512 | 6baddb62b3a6e592a2009c00029180a2eddb5e07773c900d0adbd29aeea2306586102493ecd18832b06254702a59be97933f38b78e8529d18e8e720896c30ef5 |
C:\Users\Admin\Documents\nm4v4nX6q8r69thUpH5Vd9Ga.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
C:\Users\Admin\Documents\nm4v4nX6q8r69thUpH5Vd9Ga.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
C:\Users\Admin\Documents\Ki5oiMd0OUghu0IYj3jTOKQO.exe
| MD5 | a6ef5e293c9422d9a4838178aea19c50 |
| SHA1 | 93b6d38cc9376fa8710d2df61ae591e449e71b85 |
| SHA256 | 94ae283f87d31de4b9ae3344c469239be735621cd7546e95dfa70afa028507a0 |
| SHA512 | b5a999ca504efb49bcb209dcc1791dd77eded67f798590deb25a545009c2ad7577c8edc376b0f6c26140f82ecb5196b0a821be0cede6cdf65938ee174bfd4454 |
C:\Users\Admin\Documents\Ki5oiMd0OUghu0IYj3jTOKQO.exe
| MD5 | a6ef5e293c9422d9a4838178aea19c50 |
| SHA1 | 93b6d38cc9376fa8710d2df61ae591e449e71b85 |
| SHA256 | 94ae283f87d31de4b9ae3344c469239be735621cd7546e95dfa70afa028507a0 |
| SHA512 | b5a999ca504efb49bcb209dcc1791dd77eded67f798590deb25a545009c2ad7577c8edc376b0f6c26140f82ecb5196b0a821be0cede6cdf65938ee174bfd4454 |
C:\Users\Admin\Documents\aExdCfNXucfonbOOac2PuG9P.exe
| MD5 | 0f73a44e00e05a2257c26a0ab3eb84ab |
| SHA1 | 9c90dac9386f8ef2a44fac90f154a42173461a60 |
| SHA256 | d256af9cf801950977e5c289587c7c9664d75d0d36e8b19c55e5e9b0ec0312a5 |
| SHA512 | a3d479ad86ca6dd16298311f5244fc74e9c8711a8dc7bc45bb7f247e911e037f3258a353e2059538170b32800f9665593b7d4a3d7707770a7f79e5cc62bc0261 |
memory/1188-247-0x0000000000000000-mapping.dmp
memory/460-248-0x0000000000000000-mapping.dmp
memory/4464-272-0x0000000004940000-0x000000000494A000-memory.dmp
memory/3656-267-0x0000000000400000-0x0000000000409000-memory.dmp
memory/664-275-0x0000000000950000-0x0000000000960000-memory.dmp
memory/3572-278-0x0000000006520000-0x0000000006521000-memory.dmp
memory/3572-274-0x00000000059C0000-0x00000000059C1000-memory.dmp
memory/3864-277-0x0000000002350000-0x0000000002365000-memory.dmp
C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe
| MD5 | 54ce8822fbf1cdb94c28d12ccd82f8f9 |
| SHA1 | 7077757f069fe0ebd338aeff700cab323e3ab235 |
| SHA256 | 0984c3c6a8ab0a4e8f4564ebcd54ab74ae2d22230afafe48b346485251f522e2 |
| SHA512 | 183115142a2ae68259392fc03783f49df9312acdc49011ca367acaa82d68c209d25d50a0a917504572cc3b7467d7ce4ea6bf391fe6462d1f09ae743e8c0ea435 |
memory/1188-282-0x0000000002D80000-0x0000000002D89000-memory.dmp
memory/3196-280-0x00000000049C0000-0x0000000004A5D000-memory.dmp
memory/3864-283-0x0000000000A80000-0x0000000000A82000-memory.dmp
C:\Users\Admin\Documents\1JMmnCx5m4Z66yrXg1xiG_Zg.exe
| MD5 | 54ce8822fbf1cdb94c28d12ccd82f8f9 |
| SHA1 | 7077757f069fe0ebd338aeff700cab323e3ab235 |
| SHA256 | 0984c3c6a8ab0a4e8f4564ebcd54ab74ae2d22230afafe48b346485251f522e2 |
| SHA512 | 183115142a2ae68259392fc03783f49df9312acdc49011ca367acaa82d68c209d25d50a0a917504572cc3b7467d7ce4ea6bf391fe6462d1f09ae743e8c0ea435 |
memory/592-286-0x0000000000FE0000-0x0000000000FE2000-memory.dmp
memory/1292-288-0x0000000000000000-mapping.dmp
memory/1708-287-0x0000000000000000-mapping.dmp
memory/3036-285-0x0000000005980000-0x0000000005F26000-memory.dmp
memory/592-284-0x0000000000FF0000-0x0000000001005000-memory.dmp
C:\Users\Admin\Documents\kRiLghXv_6ASLkGhyEhBWRyk.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
memory/664-289-0x0000000000C80000-0x0000000000C92000-memory.dmp
memory/1068-294-0x0000000000000000-mapping.dmp
memory/3036-297-0x0000000005BD0000-0x0000000005BD1000-memory.dmp
memory/1292-296-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3188-293-0x0000000000000000-mapping.dmp
memory/3020-290-0x0000000000000000-mapping.dmp
memory/3572-292-0x0000000005C30000-0x0000000005C31000-memory.dmp
memory/940-300-0x00000000031C0000-0x00000000031FC000-memory.dmp
memory/3188-299-0x0000000000400000-0x000000000067D000-memory.dmp
memory/5092-301-0x000001CDF0A20000-0x000001CDF0A8F000-memory.dmp
memory/940-298-0x0000000000000000-mapping.dmp
memory/5092-302-0x000001CDF0A90000-0x000001CDF0B5F000-memory.dmp
memory/940-304-0x0000000005A50000-0x0000000005A51000-memory.dmp
memory/2544-305-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/940-306-0x0000000005A60000-0x0000000005A61000-memory.dmp
memory/3208-310-0x0000000002FC0000-0x0000000002FD6000-memory.dmp
memory/3376-311-0x0000000000000000-mapping.dmp
memory/5072-309-0x0000000001000000-0x0000000001001000-memory.dmp
memory/940-308-0x00000000020A0000-0x00000000020A1000-memory.dmp
memory/940-313-0x0000000005A70000-0x0000000005A71000-memory.dmp
memory/2544-316-0x0000000005A40000-0x0000000005A41000-memory.dmp
memory/940-317-0x0000000005A90000-0x0000000005A91000-memory.dmp
memory/2544-314-0x0000000006160000-0x0000000006161000-memory.dmp
memory/940-315-0x0000000005A80000-0x0000000005A81000-memory.dmp
memory/940-319-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/940-321-0x0000000005AB0000-0x0000000005AB1000-memory.dmp
memory/940-322-0x0000000005AC0000-0x0000000005AC1000-memory.dmp
memory/1488-329-0x0000000000000000-mapping.dmp
memory/3376-331-0x000000001BBB0000-0x000000001BBB2000-memory.dmp
memory/4396-332-0x0000000000000000-mapping.dmp
memory/940-333-0x0000000005AE0000-0x0000000005AE1000-memory.dmp
memory/460-327-0x0000000000A90000-0x0000000000ABF000-memory.dmp
memory/2544-328-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/2544-324-0x0000000005C40000-0x0000000005C41000-memory.dmp
memory/940-323-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
memory/3244-342-0x0000000000000000-mapping.dmp
memory/2012-341-0x0000000000000000-mapping.dmp
memory/4396-340-0x0000000000940000-0x0000000000941000-memory.dmp
memory/940-335-0x0000000005AF0000-0x0000000005AF1000-memory.dmp
memory/1488-337-0x00000000009F0000-0x00000000009F1000-memory.dmp
memory/3416-344-0x0000000000000000-mapping.dmp
memory/2544-351-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/940-349-0x0000000005B20000-0x0000000005B21000-memory.dmp
memory/940-346-0x0000000005B10000-0x0000000005B11000-memory.dmp
memory/940-339-0x0000000005B00000-0x0000000005B01000-memory.dmp
memory/5072-356-0x0000000005CF0000-0x0000000005CF1000-memory.dmp
memory/2284-357-0x0000000000000000-mapping.dmp
memory/2284-363-0x0000000000400000-0x0000000000455000-memory.dmp
memory/2544-362-0x0000000005B40000-0x0000000005B41000-memory.dmp
memory/940-361-0x0000000005B50000-0x0000000005B51000-memory.dmp
memory/940-360-0x0000000005B40000-0x0000000005B41000-memory.dmp
memory/1488-359-0x00000000010D0000-0x00000000010D1000-memory.dmp
memory/4396-358-0x00000000029F0000-0x0000000002A1B000-memory.dmp
memory/3904-354-0x0000000000000000-mapping.dmp
memory/3244-352-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/940-353-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/1488-365-0x000000001B910000-0x000000001B912000-memory.dmp
memory/3244-368-0x0000000002650000-0x0000000002657000-memory.dmp
memory/4396-370-0x000000001C180000-0x000000001C181000-memory.dmp
memory/1488-369-0x00000000010E0000-0x0000000001114000-memory.dmp
memory/940-367-0x0000000005B60000-0x0000000005B61000-memory.dmp
memory/4396-366-0x000000001BA80000-0x000000001BA81000-memory.dmp
memory/5116-364-0x0000000000000000-mapping.dmp
memory/4396-377-0x000000001B6A0000-0x000000001B6A2000-memory.dmp
memory/5116-378-0x0000000005170000-0x0000000005171000-memory.dmp
memory/1952-381-0x0000000000000000-mapping.dmp
memory/1108-387-0x0000000000000000-mapping.dmp
memory/2016-394-0x0000000000000000-mapping.dmp
memory/1992-390-0x0000000000000000-mapping.dmp
memory/740-399-0x0000000001510000-0x0000000001E36000-memory.dmp
memory/3736-397-0x0000000000000000-mapping.dmp
memory/1956-403-0x0000000000000000-mapping.dmp
memory/3864-405-0x0000000000000000-mapping.dmp
memory/1632-401-0x0000000000000000-mapping.dmp
memory/1108-414-0x000000001BB90000-0x000000001BB92000-memory.dmp
memory/2016-409-0x0000000004A80000-0x0000000004B13000-memory.dmp
memory/4868-412-0x0000000000000000-mapping.dmp
memory/2712-407-0x0000000000000000-mapping.dmp
memory/3592-418-0x0000000000000000-mapping.dmp
memory/3200-429-0x0000000000000000-mapping.dmp
memory/1388-431-0x0000000000000000-mapping.dmp
memory/2012-441-0x00000000050A0000-0x00000000050A1000-memory.dmp
memory/3200-443-0x0000000000400000-0x000000000046D000-memory.dmp
memory/3904-445-0x0000000000CC0000-0x0000000000CC1000-memory.dmp
memory/4336-460-0x0000000002100000-0x0000000002101000-memory.dmp
memory/3864-464-0x000000001B170000-0x000000001B172000-memory.dmp
memory/1992-484-0x0000000004DE0000-0x0000000004DE1000-memory.dmp
memory/1824-482-0x00000000029D0000-0x00000000029D1000-memory.dmp
memory/2712-492-0x0000022D1ECD0000-0x0000022D1EE02000-memory.dmp
memory/2712-491-0x0000022D1EAD0000-0x0000022D1EB9D000-memory.dmp
memory/5212-512-0x00000000055A0000-0x00000000055A1000-memory.dmp
memory/2084-523-0x00000000056C0000-0x00000000056C1000-memory.dmp
memory/3020-522-0x00000274719B0000-0x0000027471A7F000-memory.dmp
memory/3020-518-0x0000027471940000-0x00000274719AE000-memory.dmp
memory/5024-514-0x0000000002F10000-0x0000000002F12000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2021-08-13 10:16
Reported
2021-08-13 10:43
Platform
win11
Max time kernel
1454s
Max time network
1464s
Command Line
Signatures
Glupteba
Glupteba Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
MetaSploit
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe |
Raccoon
Raccoon Stealer Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Nirsoft
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Cleaner = "C:\\Users\\Admin\\AppData\\Roaming\\Cleaner\\Cleaner.exe --anbfs" | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.exe" | C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" | C:\Users\Admin\AppData\Roaming\3805112.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\ | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6084 set thread context of 6140 | N/A | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe |
| PID 1520 set thread context of 5532 | N/A | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe |
| PID 4120 set thread context of 2560 | N/A | C:\Users\Admin\AppData\Local\Temp\FBED.exe | C:\Users\Admin\AppData\Local\Temp\FBED.exe |
| PID 4236 set thread context of 4968 | N/A | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\tmp.edb | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d.INTEG.RAW | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\d.INTEG.RAW | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\Uninstall.ini | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\d | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\resources.pak | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d.jfm | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\d.jfm | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\d.jfm | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\jooyu.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\d | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\Uninstall.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\d.jfm | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\tmp.edb | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\d | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\customer3.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B59E6947-D960-4A88-902E-F387AFD7DF1F} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF71E450EFD0AE54AC.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF9AC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFBFE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF3B85E2C6734259B7.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFCA29917EA7C16393.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f74c922.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f74c922.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF8B1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFF8B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF5D68EB6133126FE9.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE43.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\AppCompat\Programs\Amcache.hve.tmp | C:\Windows\SysWOW64\WerFault.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID6CE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF592.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF6CB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFE32.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.override | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6482.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\uus\AMD64\MoUsoCoreWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\11111.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\11111.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\uus\AMD64\MoUsoCoreWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Users\Admin\AppData\Local\Temp\11111.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Users\Admin\AppData\Local\Temp\11111.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ProviderPasswordCharacterGroups = "2" | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ProviderPasswordLength = "8" | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f8278c54-a712-415b-b593-b77a2be0dda9}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{60767F80-B035-4AB5-BBB3-DA6B7B35D4D2} | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{F06BD7CE-18E5-4360-8EFD-975EC14C3EA6} | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\Instance\ | N/A | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b55c0000000100000004000000001000002000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\7192482.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_4.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-HIAII.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E39F.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8 (31).exe
"C:\Users\Admin\AppData\Local\Temp\8 (31).exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\Windows\system32\MoNotificationUx.exe
%systemroot%\system32\MoNotificationUx.exe /ClearActiveNotifications
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\setup_install.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\System32\pcaui.exe
C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_5.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_1.exe
sonia_1.exe
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_2.exe
sonia_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_6.exe
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_3.exe
sonia_3.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3760 -ip 3760
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_5.exe
sonia_5.exe
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_6.exe
sonia_6.exe
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_4.exe
sonia_4.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 568
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_1.exe
"C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_1.exe" -a
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4968 -ip 4968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 244
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 3640 -ip 3640
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 240
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5496 -ip 5496
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 448
C:\Windows\system32\MoNotificationUx.exe
%systemroot%\system32\MoNotificationUx.exe /ClearActiveNotifications
C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe
"C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe"
C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe
"C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5872 -ip 5872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 276
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe
"C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6036 -ip 6036
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
"C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 276
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
"C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe
"C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe"
C:\Users\Admin\AppData\Local\Temp\is-HIAII.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HIAII.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp" /SL5="$600B0,138429,56832,C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe" /Verysilent
C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5536 -ip 5536
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe"
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 276
C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe
"C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe"
C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" /quiet SILENT=1 AF=715 BF=715
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet
C:\Users\Admin\AppData\Local\Temp\is-8TA9U.tmp\GameBoxWin32.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8TA9U.tmp\GameBoxWin32.tmp" /SL5="$202C2,506127,422400,C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe" -a
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4000 -ip 4000
C:\Users\Admin\AppData\Roaming\5393005.exe
"C:\Users\Admin\AppData\Roaming\5393005.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 452
C:\Users\Admin\AppData\Roaming\3805112.exe
"C:\Users\Admin\AppData\Roaming\3805112.exe"
C:\Users\Admin\AppData\Roaming\7094262.exe
"C:\Users\Admin\AppData\Roaming\7094262.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Users\Admin\AppData\Roaming\3944891.exe
"C:\Users\Admin\AppData\Roaming\3944891.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 65218445D20A2568688A88B3EB4E5CA5 C
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 70E6346DB2B80B9D20AE5D924A118416 C
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A1104AFB6485764A0B2B701102CA7D15 C
C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe
"C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe"
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
"C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe
"C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe"
C:\Users\Admin\Documents\A5oXGGRIWoEPa64uoj0Sne_X.exe
"C:\Users\Admin\Documents\A5oXGGRIWoEPa64uoj0Sne_X.exe"
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
"C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe"
C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe
"C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe"
C:\Users\Admin\Documents\qdeiSzvFWIvFVz6SZp4bDwDR.exe
"C:\Users\Admin\Documents\qdeiSzvFWIvFVz6SZp4bDwDR.exe"
C:\Users\Admin\Documents\Qzak0bYOl0HYykP9CNoT0QGa.exe
"C:\Users\Admin\Documents\Qzak0bYOl0HYykP9CNoT0QGa.exe"
C:\Users\Admin\Documents\WpluEqYqtl60fUrXodfxKZKw.exe
"C:\Users\Admin\Documents\WpluEqYqtl60fUrXodfxKZKw.exe"
C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe
"C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe"
C:\Program Files (x86)\Company\NewProduct\customer3.exe
"C:\Program Files (x86)\Company\NewProduct\customer3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2208 -ip 2208
C:\Program Files (x86)\Company\NewProduct\jooyu.exe
"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
C:\Users\Admin\Documents\TL72W7u8qebE9iUtdhAHthYF.exe
"C:\Users\Admin\Documents\TL72W7u8qebE9iUtdhAHthYF.exe"
C:\Users\Admin\Documents\obOYO9tzCg15blk8m_371Z_K.exe
"C:\Users\Admin\Documents\obOYO9tzCg15blk8m_371Z_K.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\Documents\BqqjQitAqMx10VLZYGXnOVUv.exe
"C:\Users\Admin\Documents\BqqjQitAqMx10VLZYGXnOVUv.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 272
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590692 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\7192482.exe
"C:\Users\Admin\AppData\Roaming\7192482.exe"
C:\Users\Admin\AppData\Roaming\2926759.exe
"C:\Users\Admin\AppData\Roaming\2926759.exe"
C:\Users\Admin\AppData\Roaming\1391070.exe
"C:\Users\Admin\AppData\Roaming\1391070.exe"
C:\Users\Admin\AppData\Roaming\5936352.exe
"C:\Users\Admin\AppData\Roaming\5936352.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5484 -ip 5484
C:\Users\Admin\AppData\Roaming\8475029.exe
"C:\Users\Admin\AppData\Roaming\8475029.exe"
C:\Users\Admin\AppData\Roaming\8169682.exe
"C:\Users\Admin\AppData\Roaming\8169682.exe"
C:\Users\Admin\AppData\Roaming\8475029.exe
"C:\Users\Admin\AppData\Roaming\8475029.exe"
C:\Users\Admin\AppData\Roaming\4462447.exe
"C:\Users\Admin\AppData\Roaming\4462447.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590692 /qn CAMPAIGN=""710"" " CAMPAIGN="710"
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590692 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2256 -ip 2256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A6AB0703DA2BEC4702D6D149BBB88EEB
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 3040 -ip 3040
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3040 -s 2316
C:\Users\Admin\AppData\Local\Temp\E39F.exe
C:\Users\Admin\AppData\Local\Temp\E39F.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Users\Admin\AppData\Local\Temp\EFC5.exe
C:\Users\Admin\AppData\Local\Temp\EFC5.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3848 -ip 3848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 4728 -ip 4728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 2540
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
C:\Users\Admin\AppData\Local\Temp\F881.exe
C:\Users\Admin\AppData\Local\Temp\F881.exe
C:\Users\Admin\AppData\Local\Temp\FBED.exe
C:\Users\Admin\AppData\Local\Temp\FBED.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 4380 -ip 4380
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 1708 -ip 1708
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1708 -s 2376
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4380 -s 2352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2268 -ip 2268
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
C:\Users\Admin\AppData\Local\Temp\BFB.exe
C:\Users\Admin\AppData\Local\Temp\BFB.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1536 -ip 1536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 276
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2384 -ip 2384
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5680 -ip 5680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 2524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 2488
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6088 -ip 6088
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 876
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\FBED.exe
C:\Users\Admin\AppData\Local\Temp\FBED.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\FBED.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /T 10 /NOBREAK
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe" -silent=1 -CID=717 -SID=717 -submn=default
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" "--anbfs"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_B2A7.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites' -retry_count 10"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Cleaner\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" --annotation=plat=Win64 --annotation=prod=Cleaner --annotation=ver=0.0.13 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff9aff2dec0,0x7ff9aff2ded0,0x7ff9aff2dee0
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Cleaner\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Cleaner --annotation=ver=0.0.13 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ff6d3d89e70,0x7ff6d3d89e80,0x7ff6d3d89e90
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=gpu-process --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1604 /prefetch:2
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=1844 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=2240 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Cleaner\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2440 /prefetch:1
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Cleaner\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2484 /prefetch:1
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=gpu-process --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3160 /prefetch:2
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=2740 /prefetch:8
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
"C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
"C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=3292 /prefetch:8
C:\Program Files\Windows Defender\mpcmdrun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=3512 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=504 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,5624366391707207227,8891553915634277803,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw1472_45824767" --mojo-platform-channel-handle=3300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0xdc,0x104,0x108,0xe8,0x10c,0x7ff9c55e46f8,0x7ff9c55e4708,0x7ff9c55e4718
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 4968 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 4968 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /PID 4968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /PID 4968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6020 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,7235957591432453526,12524792455710052208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
C:\Windows\uus\AMD64\MoUsoCoreWorker.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
Network
| Country | Destination | Domain | Proto |
| N/A | 51.124.78.146:443 | tcp | |
| N/A | 8.8.8.8:53 | slscr.update.microsoft.com | udp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.152.108.96:443 | fe3cr.delivery.mp.microsoft.com | tcp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.242.101.226:443 | slscr.update.microsoft.com | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 37.0.8.235:80 | 37.0.8.235 | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:49745 | tcp | |
| N/A | 127.0.0.1:49747 | tcp | |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 20.54.110.119:443 | tsfe.trafficshaping.dsp.mp.microsoft.com | tcp |
| N/A | 172.67.153.179:80 | i.spesgrt.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 37.0.11.8:80 | tcp | |
| N/A | 37.0.11.8:80 | tcp | |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | 22rtdfhjd.club | udp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | a.goatagame.com | udp |
| N/A | 77.246.144.104:80 | 3freeprivacytoolsforyou.xyz | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 104.21.89.171:80 | 22rtdfhjd.club | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 52.219.0.27:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 172.67.145.110:80 | a.goatagame.com | tcp |
| N/A | 172.67.145.110:80 | a.goatagame.com | tcp |
| N/A | 172.67.145.110:443 | a.goatagame.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 52.219.0.27:443 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 40.126.31.135:443 | tcp | |
| N/A | 20.73.194.208:443 | settings-win.data.microsoft.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 34.117.59.81:80 | ipinfo.io | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 104.26.9.187:80 | proxycheck.io | tcp |
| N/A | 52.219.68.167:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 52.219.68.167:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 52.247.37.26:80 | tcp | |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 162.159.133.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 111.90.156.58:443 | fsstoragecloudservice.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.145.153:443 | all-brain-company.xyz | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 146.185.239.6:80 | readinglistforjuly1.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.218.92.49:80 | imgs.googlwaa.com | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 185.230.143.16:32115 | 185.230.143.16 | tcp |
| N/A | 45.14.49.128:16334 | 45.14.49.128 | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 172.67.145.153:443 | all-brain-company.xyz | tcp |
| N/A | 34.201.81.34:443 | paybiz.herokuapp.com | tcp |
| N/A | 172.67.145.153:443 | all-brain-company.xyz | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 91.241.19.52:80 | 91.241.19.52 | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | api.ip.sb | udp |
| N/A | 104.26.13.31:443 | api.ip.sb | tcp |
| N/A | 104.26.13.31:443 | api.ip.sb | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 45.136.151.102:80 | uyg5wye.2ihsfa.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 104.26.13.31:443 | api.ip.sb | tcp |
| N/A | 8.8.8.8:53 | most-fast-link-download.com | udp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 146.185.239.6:80 | readinglistforjuly1.xyz | tcp |
| N/A | 8.8.8.8:53 | www.mediafire.com | udp |
| N/A | 104.16.202.237:443 | www.mediafire.com | tcp |
| N/A | 199.91.155.129:443 | download2388.mediafire.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 104.26.13.31:443 | api.ip.sb | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 195.201.225.248:443 | telete.in | tcp |
| N/A | 45.67.231.40:80 | 45.67.231.40 | tcp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uyg5wye.2ihsfa.com | tcp |
| N/A | 142.250.179.174:80 | www.google-analytics.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 34.201.81.34:443 | paybiz.herokuapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 23.51.123.27:80 | tl.symcd.com | tcp |
| N/A | 23.51.123.27:80 | tl.symcd.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.10.13:443 | p6701.softemstore.xyz | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 131.253.33.203:443 | ntp.msn.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 131.253.33.203:443 | api.msn.com | tcp |
| N/A | 2.17.34.119:443 | assets.msn.com | tcp |
| N/A | 2.17.34.119:443 | assets.msn.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 131.253.33.200:443 | www.bing.com | tcp |
| N/A | 2.22.22.219:443 | img-s-msn-com.akamaized.net | tcp |
| N/A | 65.9.73.82:443 | sb.scorecardresearch.com | tcp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 52.142.114.2:443 | c.msn.com | tcp |
| N/A | 172.67.130.174:443 | feed.rpufeed.space | tcp |
| N/A | 104.21.8.210:443 | feed.rpufeed.space | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 20.82.210.154:443 | arc.msn.com | tcp |
| N/A | 52.168.112.66:443 | browser.events.data.msn.com | tcp |
| N/A | 52.164.226.245:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 172.67.130.174:443 | feed.rpufeed.space | udp |
| N/A | 172.67.130.174:443 | feed.rpufeed.space | udp |
| N/A | 204.79.197.203:443 | tcp | |
| N/A | 204.79.197.203:443 | tcp | |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 37.252.172.250:443 | tcp | |
| N/A | 74.119.119.150:443 | tcp | |
| N/A | 35.211.99.204:443 | tcp | |
| N/A | 151.101.1.44:443 | tcp | |
| N/A | 64.58.116.132:443 | tcp | |
| N/A | 104.19.134.78:443 | tcp | |
| N/A | 151.101.1.44:443 | tcp | |
| N/A | 104.19.136.78:443 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 2.22.147.96:443 | tcp | |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 52.182.141.63:443 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 2.22.147.35:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
Files
memory/5000-146-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
memory/1152-149-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
memory/3760-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
memory/3760-166-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3760-165-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3760-168-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3760-167-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/3760-164-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3760-163-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3760-170-0x0000000064940000-0x0000000064959000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_3.txt
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_6.txt
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
memory/4796-177-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_5.txt
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_4.txt
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_2.txt
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_1.txt
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/3760-169-0x0000000000400000-0x000000000051D000-memory.dmp
memory/3744-178-0x0000000000000000-mapping.dmp
memory/4040-180-0x0000000000000000-mapping.dmp
memory/4552-181-0x0000000000000000-mapping.dmp
memory/524-182-0x0000000000000000-mapping.dmp
memory/4868-183-0x0000000000000000-mapping.dmp
memory/3244-184-0x0000000000000000-mapping.dmp
memory/4860-179-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/4968-185-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_2.exe
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
memory/4644-190-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_5.exe
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_6.exe
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
memory/1152-196-0x0000000000D60000-0x0000000000D61000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_3.exe
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_4.exe
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
memory/3640-191-0x0000000000000000-mapping.dmp
memory/1148-189-0x0000000000000000-mapping.dmp
memory/1152-188-0x0000000000000000-mapping.dmp
memory/5248-198-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS883DB0B3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/1152-200-0x000000001B8D0000-0x000000001B8D2000-memory.dmp
memory/5320-201-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
memory/3640-205-0x0000000000C30000-0x0000000000CCD000-memory.dmp
memory/4968-204-0x0000000000A20000-0x0000000000A29000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
memory/5496-207-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\axhub.dat
| MD5 | 99ab358c6f267b09d7a596548654a6ba |
| SHA1 | d5a643074b69be2281a168983e3f6bef7322f676 |
| SHA256 | 586339f93c9c0eed8a42829ab307f2c5381a636edbcf80df3770c27555034380 |
| SHA512 | 952040785a3c1dcaea613d2e0d46745d5b631785d26de018fd9f85f8485161d056bf67b19c96ae618d35de5d5991a0dd549d749949faea7a2e0f9991a1aa2b2b |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
memory/5864-211-0x0000000000000000-mapping.dmp
memory/5872-212-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
memory/5988-217-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | a6279ec92ff948760ce53bba817d6a77 |
| SHA1 | 5345505e12f9e4c6d569a226d50e71b5a572dce2 |
| SHA256 | 8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181 |
| SHA512 | 213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | a6279ec92ff948760ce53bba817d6a77 |
| SHA1 | 5345505e12f9e4c6d569a226d50e71b5a572dce2 |
| SHA256 | 8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181 |
| SHA512 | 213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c |
memory/6036-220-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
memory/6084-223-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
memory/6140-226-0x0000000000000000-mapping.dmp
memory/6140-227-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
memory/5872-229-0x00000000049A0000-0x0000000004A3D000-memory.dmp
memory/6036-230-0x0000000002E10000-0x0000000002E19000-memory.dmp
memory/6084-231-0x0000000002F90000-0x0000000002F9A000-memory.dmp
memory/5864-232-0x000001B779280000-0x000001B7792EF000-memory.dmp
memory/5864-233-0x000001B7792F0000-0x000001B7793BF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | a174d42aebd9b07b023f7508e05c279b |
| SHA1 | f70cd24ba0b5b801a04111a9c5b5ec324926c7c3 |
| SHA256 | fef48e8c21cc4c8f7ebf5580d2488df5793dba5589c7e042934ea1a0b4c9beb2 |
| SHA512 | 4897e43aedf30651a450ed3e978c35e76e51d9f001ddf9353d62a8f375cb2f5caf203603dc463a9bf6f1f866b0943acd00734a222fce17721705d7e3329825ef |
memory/4020-235-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\11111.exe
| MD5 | cc0d6b6813f92dbf5be3ecacf44d662a |
| SHA1 | b968c57a14ddada4128356f6e39fb66c6d864d3f |
| SHA256 | 0c2ade2993927f6de828e30c07156c19751b55650a05c965631ca0ea1c983498 |
| SHA512 | 4d4275338cd8a089c25757440b876654b569d39bfd970109cceb09c29ca79c8f3b1fdfcc6316ef18a9eb68cddf0c2d6daa0fa27fafc1f27b8103b4aa1db1fbc5 |
memory/4020-238-0x0000000000400000-0x0000000000455000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\11111.exe
| MD5 | cc0d6b6813f92dbf5be3ecacf44d662a |
| SHA1 | b968c57a14ddada4128356f6e39fb66c6d864d3f |
| SHA256 | 0c2ade2993927f6de828e30c07156c19751b55650a05c965631ca0ea1c983498 |
| SHA512 | 4d4275338cd8a089c25757440b876654b569d39bfd970109cceb09c29ca79c8f3b1fdfcc6316ef18a9eb68cddf0c2d6daa0fa27fafc1f27b8103b4aa1db1fbc5 |
C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe
| MD5 | 908fa1446bc3cc61c7f05e0f56067705 |
| SHA1 | 195948e4b235aa486ffe4f3c22fa5bcea4bb8ea4 |
| SHA256 | b2ff33ba5fb21b6ac2d560930be90451eb2197b75c781d162bf321149fe1323f |
| SHA512 | ee616b7b82177086ae749e145837eb895b5a9a1852830bed3f8d38939d4aa3c8b6a383b5be90e957a3fb5e4af298b108a0e7fa0ae1bcd4fe96791e137b0dcce0 |
memory/5324-239-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe
| MD5 | 908fa1446bc3cc61c7f05e0f56067705 |
| SHA1 | 195948e4b235aa486ffe4f3c22fa5bcea4bb8ea4 |
| SHA256 | b2ff33ba5fb21b6ac2d560930be90451eb2197b75c781d162bf321149fe1323f |
| SHA512 | ee616b7b82177086ae749e145837eb895b5a9a1852830bed3f8d38939d4aa3c8b6a383b5be90e957a3fb5e4af298b108a0e7fa0ae1bcd4fe96791e137b0dcce0 |
memory/5376-243-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-HIAII.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp
| MD5 | ffcf263a020aa7794015af0edee5df0b |
| SHA1 | bce1eb5f0efb2c83f416b1782ea07c776666fdab |
| SHA256 | 1d07cfb7104b85fc0dffd761f6848ad176117e146bbb4079fe993efa06b94c64 |
| SHA512 | 49f2b062adfb99c0c7f1012c56f0b52a8850d9f030cc32073b90025b372e4eb373f06a351e9b33264967427b8174c060c8a6110979f0eaf0872f7da6d5e4308a |
memory/5376-248-0x00000000024A0000-0x00000000024DC000-memory.dmp
memory/5324-247-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5376-249-0x00000000022E0000-0x00000000022E1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\itdownload.dll
| MD5 | d82a429efd885ca0f324dd92afb6b7b8 |
| SHA1 | 86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea |
| SHA256 | b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3 |
| SHA512 | 5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df |
C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\itdownload.dll
| MD5 | d82a429efd885ca0f324dd92afb6b7b8 |
| SHA1 | 86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea |
| SHA256 | b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3 |
| SHA512 | 5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
memory/5376-252-0x0000000005A60000-0x0000000005A61000-memory.dmp
memory/5376-254-0x0000000005A80000-0x0000000005A81000-memory.dmp
memory/5376-253-0x0000000005A70000-0x0000000005A71000-memory.dmp
memory/5376-251-0x0000000005A50000-0x0000000005A51000-memory.dmp
memory/5376-256-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/5376-255-0x0000000005A90000-0x0000000005A91000-memory.dmp
memory/5376-258-0x0000000005AC0000-0x0000000005AC1000-memory.dmp
memory/5376-257-0x0000000005AB0000-0x0000000005AB1000-memory.dmp
memory/5376-260-0x0000000005AE0000-0x0000000005AE1000-memory.dmp
memory/5376-259-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
memory/5376-262-0x0000000005B00000-0x0000000005B01000-memory.dmp
memory/5376-261-0x0000000005AF0000-0x0000000005AF1000-memory.dmp
memory/5376-264-0x0000000005B20000-0x0000000005B21000-memory.dmp
memory/5376-263-0x0000000005B10000-0x0000000005B11000-memory.dmp
memory/5376-266-0x0000000005B40000-0x0000000005B41000-memory.dmp
memory/5376-268-0x0000000005B60000-0x0000000005B61000-memory.dmp
memory/5376-267-0x0000000005B50000-0x0000000005B51000-memory.dmp
memory/5376-265-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/3256-269-0x0000000004420000-0x0000000004436000-memory.dmp
memory/5484-270-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\11111.exe
| MD5 | cc0d6b6813f92dbf5be3ecacf44d662a |
| SHA1 | b968c57a14ddada4128356f6e39fb66c6d864d3f |
| SHA256 | 0c2ade2993927f6de828e30c07156c19751b55650a05c965631ca0ea1c983498 |
| SHA512 | 4d4275338cd8a089c25757440b876654b569d39bfd970109cceb09c29ca79c8f3b1fdfcc6316ef18a9eb68cddf0c2d6daa0fa27fafc1f27b8103b4aa1db1fbc5 |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
memory/5388-274-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe
| MD5 | 0d64abc56a3f3976f7f4190c08748b70 |
| SHA1 | d1100717ba3377fd371bae08f325c0ea46fbb921 |
| SHA256 | 7719cefc8c6210b55f340b493e7292b244f0374576bb19e32b3c6cdcabd2e9de |
| SHA512 | 0bad350f3c7c9fc22c2a230fd9786836d87a4eb6a07b8cd6fc3845b89d3d3b69bbf92111fb360ec670fbb1d269ef0847ca283939f720ea3091b2df276d29dc1f |
C:\Users\Admin\AppData\Local\Temp\is-ARR0U.tmp\Setup.exe
| MD5 | 0d64abc56a3f3976f7f4190c08748b70 |
| SHA1 | d1100717ba3377fd371bae08f325c0ea46fbb921 |
| SHA256 | 7719cefc8c6210b55f340b493e7292b244f0374576bb19e32b3c6cdcabd2e9de |
| SHA512 | 0bad350f3c7c9fc22c2a230fd9786836d87a4eb6a07b8cd6fc3845b89d3d3b69bbf92111fb360ec670fbb1d269ef0847ca283939f720ea3091b2df276d29dc1f |
memory/5536-277-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe
| MD5 | 8479bce60218cd871c118308ded82d39 |
| SHA1 | 0388ec861b2ac5c7f4dc6eed249d92d3002fe66e |
| SHA256 | 15078be80772a449383c5f6a7631955039b82ebaf507ab67e61093b70b98dc43 |
| SHA512 | f4be47baee6baeacbe1e27174ad83700efc78ab2d02262d718c7436d2304fc16618a5911bed63ed8d2e947af3c511d17b77ddfccea9a4e6aab9f3956fcf322f8 |
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe
| MD5 | c313ddb7df24003d25bf62c5a218b215 |
| SHA1 | 20a3404b7e17b530885fa0be130e784f827986ee |
| SHA256 | e3bc81a59fc45dfdfcc57b0078437061cb8c3396e1d593fcf187e3cdf0373ed1 |
| SHA512 | 542e2746626a066f3e875ae2f0d15e2c4beb5887376bb0218090f0e8492a6fdb11fa02b035d7d4200562811df7d2187b8a993a0b7f65489535919bdf11eb4cff |
memory/3640-281-0x0000000000000000-mapping.dmp
memory/5608-288-0x0000000000000000-mapping.dmp
memory/5584-290-0x00000000003E0000-0x00000000003E1000-memory.dmp
memory/584-291-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe
| MD5 | ee19bc8a2b6c6fd7c30037389457a4df |
| SHA1 | e1fca1cc33574e59dec62763ee6e7de1a5198095 |
| SHA256 | 76af8837a5ac0384faeeeff8c8987f796206fc4a1691428dbd44a14378ff28c0 |
| SHA512 | 38db6d4ca6f106849f2ba173e20dae0a53c3e558eb676adba380761cc0318769c6add3a2e816705c094596fc305dab1dd39eb2b83e9f3e066ffc90de580af001 |
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
| MD5 | 953513e9a9e8496e829e98288a628c6e |
| SHA1 | eb6f1ee5c7eb3835779648e7e6418bcc9dc6b8bd |
| SHA256 | 3c8cc71aa463c7a7cc67e164eb183f7b4e1824a9a138598b609ee35c63a7a562 |
| SHA512 | 76399389dfee57bcc31f18fea3ad0efe5dd1af80eec81604f620ca0fea64248f23582405d3fd142fdb002b5180c390b6cdebe86a630735e581f1d38fc8a6437d |
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
| MD5 | 953513e9a9e8496e829e98288a628c6e |
| SHA1 | eb6f1ee5c7eb3835779648e7e6418bcc9dc6b8bd |
| SHA256 | 3c8cc71aa463c7a7cc67e164eb183f7b4e1824a9a138598b609ee35c63a7a562 |
| SHA512 | 76399389dfee57bcc31f18fea3ad0efe5dd1af80eec81604f620ca0fea64248f23582405d3fd142fdb002b5180c390b6cdebe86a630735e581f1d38fc8a6437d |
memory/5516-285-0x0000000000000000-mapping.dmp
memory/5584-284-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe
| MD5 | d7ca6f2ff87eb5f18f8324acd9fce263 |
| SHA1 | 0c6414d92ef449d9b546bff54da99e844efd8b00 |
| SHA256 | feedd0bfcb96340195c1593ad705db16637584b42afc42ddb353c0607460ccfc |
| SHA512 | 40623d8452c663a8eb276a444cd78272fcfbc309b232548957e5891b1e8a2881d1d36688cda98e7b0c2865d8bbd6eed0e59928f4b86522dfeb8f5d5560da8be3 |
memory/5440-279-0x0000000000000000-mapping.dmp
C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe
| MD5 | 8479bce60218cd871c118308ded82d39 |
| SHA1 | 0388ec861b2ac5c7f4dc6eed249d92d3002fe66e |
| SHA256 | 15078be80772a449383c5f6a7631955039b82ebaf507ab67e61093b70b98dc43 |
| SHA512 | f4be47baee6baeacbe1e27174ad83700efc78ab2d02262d718c7436d2304fc16618a5911bed63ed8d2e947af3c511d17b77ddfccea9a4e6aab9f3956fcf322f8 |
memory/5536-293-0x00000000049F0000-0x0000000004A83000-memory.dmp
memory/6044-294-0x0000000000000000-mapping.dmp
memory/6068-296-0x0000000000000000-mapping.dmp
memory/5584-297-0x0000000000BB0000-0x0000000000BB1000-memory.dmp
memory/584-300-0x0000000000400000-0x000000000067D000-memory.dmp
memory/6080-298-0x0000000000000000-mapping.dmp
memory/780-302-0x0000000000000000-mapping.dmp
memory/6068-303-0x0000000000400000-0x000000000046D000-memory.dmp
memory/5584-304-0x000000001AE80000-0x000000001AE81000-memory.dmp
memory/5584-301-0x0000000000BC0000-0x0000000000BDC000-memory.dmp
memory/3256-305-0x000000000B090000-0x000000000B0A0000-memory.dmp
memory/3256-308-0x000000000B090000-0x000000000B110000-memory.dmp
memory/3256-307-0x000000000F560000-0x000000000F570000-memory.dmp
memory/2052-306-0x0000000000000000-mapping.dmp
memory/5516-315-0x00000230FB6C0000-0x00000230FB78D000-memory.dmp
memory/3256-318-0x000000000F560000-0x000000000F5E0000-memory.dmp
memory/780-319-0x0000000000860000-0x0000000000861000-memory.dmp
memory/5584-321-0x000000001B120000-0x000000001B122000-memory.dmp
memory/5516-317-0x00000230FB8C0000-0x00000230FB9F2000-memory.dmp
memory/4000-328-0x0000000000000000-mapping.dmp
memory/3040-329-0x0000000000000000-mapping.dmp
memory/3040-330-0x0000000000F30000-0x0000000000F31000-memory.dmp
memory/3212-332-0x0000000000000000-mapping.dmp
memory/3364-333-0x0000000000000000-mapping.dmp
memory/3040-336-0x0000000001700000-0x000000000172B000-memory.dmp
memory/3212-338-0x0000000000C60000-0x0000000000C61000-memory.dmp
memory/4728-337-0x0000000000000000-mapping.dmp
memory/4728-341-0x0000000000380000-0x0000000000381000-memory.dmp
memory/3040-340-0x000000001C130000-0x000000001C131000-memory.dmp
memory/4704-342-0x0000000000000000-mapping.dmp
memory/3040-344-0x000000001C830000-0x000000001C831000-memory.dmp
memory/3212-345-0x0000000001BA0000-0x0000000001BA7000-memory.dmp
memory/3364-346-0x0000000000C60000-0x0000000000C61000-memory.dmp
memory/3212-347-0x0000000008240000-0x0000000008241000-memory.dmp
memory/3212-349-0x0000000007C90000-0x0000000007C91000-memory.dmp
memory/3040-350-0x000000001BD50000-0x000000001BD52000-memory.dmp
memory/4728-351-0x0000000004E90000-0x0000000004E91000-memory.dmp
memory/3040-352-0x000000001BB90000-0x000000001BB91000-memory.dmp
memory/2228-354-0x0000000000000000-mapping.dmp
memory/3364-353-0x0000000005600000-0x0000000005632000-memory.dmp
memory/4488-355-0x0000000000000000-mapping.dmp
memory/3364-356-0x0000000008360000-0x0000000008361000-memory.dmp
memory/3364-358-0x0000000007B70000-0x0000000007B71000-memory.dmp
memory/3364-361-0x0000000007E40000-0x0000000007E41000-memory.dmp
memory/4728-359-0x0000000007620000-0x000000000764B000-memory.dmp
memory/4728-363-0x0000000007750000-0x0000000007751000-memory.dmp
memory/3364-362-0x0000000007BD0000-0x0000000007BD1000-memory.dmp
memory/4728-364-0x0000000007B50000-0x0000000007B51000-memory.dmp
memory/4920-367-0x0000000000000000-mapping.dmp
memory/2484-366-0x0000000000000000-mapping.dmp
memory/4340-377-0x0000000000000000-mapping.dmp
memory/3364-381-0x00000000056B0000-0x00000000056B1000-memory.dmp
memory/784-394-0x0000000000000000-mapping.dmp
memory/2208-402-0x0000000000000000-mapping.dmp
memory/4236-401-0x0000000000000000-mapping.dmp
memory/5484-400-0x0000000000000000-mapping.dmp
memory/1728-399-0x0000000000000000-mapping.dmp
memory/4704-398-0x0000000000000000-mapping.dmp
memory/1520-397-0x0000000000000000-mapping.dmp
memory/5252-396-0x0000000000000000-mapping.dmp
memory/2484-406-0x0000000004B50000-0x0000000004B51000-memory.dmp
memory/3492-407-0x0000000000000000-mapping.dmp
memory/2256-405-0x0000000000000000-mapping.dmp
memory/2188-404-0x0000000000000000-mapping.dmp
memory/4364-429-0x0000000001100000-0x0000000001110000-memory.dmp
memory/5252-433-0x0000000001330000-0x0000000001332000-memory.dmp
memory/1520-441-0x0000000005350000-0x00000000058F6000-memory.dmp
memory/4364-446-0x0000000001120000-0x0000000001132000-memory.dmp
memory/6104-443-0x000000001B3A0000-0x000000001B3A2000-memory.dmp
memory/3492-448-0x000000001B390000-0x000000001B392000-memory.dmp
memory/2208-449-0x00000000049D0000-0x0000000004A6D000-memory.dmp
memory/4236-452-0x0000000005950000-0x0000000005EF6000-memory.dmp
memory/2124-479-0x000002DB41AC0000-0x000002DB41B2E000-memory.dmp
memory/2124-482-0x000002DB41F60000-0x000002DB4202F000-memory.dmp
memory/1728-504-0x00000000054A0000-0x00000000054A1000-memory.dmp
memory/5484-503-0x0000000000BB0000-0x0000000000BDF000-memory.dmp
memory/2188-511-0x0000000005690000-0x0000000005691000-memory.dmp
memory/784-505-0x00000000060D0000-0x00000000060D1000-memory.dmp
memory/4380-530-0x000000001AEF0000-0x000000001AEF2000-memory.dmp
memory/5680-533-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
memory/2384-532-0x00000000055F0000-0x00000000055F1000-memory.dmp
memory/2476-539-0x0000000005230000-0x0000000005231000-memory.dmp
memory/1708-535-0x0000000001200000-0x0000000001202000-memory.dmp
memory/2256-563-0x0000000001550000-0x0000000001E76000-memory.dmp
memory/2076-564-0x0000000004B50000-0x0000000004B51000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2021-08-13 10:16
Reported
2021-08-13 10:43
Platform
win11
Max time kernel
386s
Max time network
924s
Command Line
Signatures
Glupteba
Glupteba Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
MetaSploit
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe |
Raccoon
Raccoon Stealer Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.exe" | C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" | C:\Users\Admin\AppData\Roaming\8272398.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\ | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Cleaner = "C:\\Users\\Admin\\AppData\\Roaming\\Cleaner\\Cleaner.exe --anbfs" | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4700 set thread context of 5704 | N/A | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe |
| PID 3184 set thread context of 4828 | N/A | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe |
| PID 5256 set thread context of 4168 | N/A | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Company\NewProduct\Uninstall.ini | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\d | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d.INTEG.RAW | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\d.jfm | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\Uninstall.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\customer3.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\jooyu.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\tmp.edb | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d.jfm | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\resources.pak | C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIF351.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF617.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5223.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\AppCompat\Programs\Amcache.hve.tmp | C:\Windows\SysWOW64\WerFault.exe | N/A |
| File created | C:\Windows\Installer\f74e6ac.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF43D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF12D6AAE46563A1AD.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B59E6947-D960-4A88-902E-F387AFD7DF1F} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF7BE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.override | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF54CC8B71C908B8D9.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEDA2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF41D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF52B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB6D151B8D04AE90E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFAF34EF2FDE2B76D2.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF330.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF4DB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF51B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f74e6ac.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF45D.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\MoNotificationUx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ProviderPasswordLength = "8" | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ProviderPasswordCharacterGroups = "2" | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{391DE9F0-3195-49D7-84E8-7FD8A126E045} | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{8CCAAA35-37C1-4C7C-9D12-0C7AB8E9030A} | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b55c0000000100000004000000001000002000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\8108524.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LS6E9.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8 (4).exe
"C:\Users\Admin\AppData\Local\Temp\8 (4).exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\Windows\system32\wlrmdr.exe
-c -s 0 -f 0 -t Empty -m Empty -a 0 -u Empty
C:\Windows\system32\MoNotificationUx.exe
%systemroot%\system32\MoNotificationUx.exe /ClearActiveNotifications
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\setup_install.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\System32\pcaui.exe
C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_5.exe
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_4.exe
sonia_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_6.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_1.exe
sonia_1.exe
C:\Windows\system32\MoNotificationUx.exe
%systemroot%\system32\MoNotificationUx.exe /ClearActiveNotifications
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_2.exe
sonia_2.exe
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_3.exe
sonia_3.exe
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_6.exe
sonia_6.exe
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_5.exe
sonia_5.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4656 -ip 4656
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_1.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_1.exe" -a
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 492
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3492 -ip 3492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 244
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3744 -ip 3744
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 244
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4600 -ip 4600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 448
C:\Users\Admin\Documents\obOYO9tzCg15blk8m_371Z_K.exe
"C:\Users\Admin\Documents\obOYO9tzCg15blk8m_371Z_K.exe"
C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe
"C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe"
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
"C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe"
C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe
"C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe"
C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe
"C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe"
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
"C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe"
C:\Users\Admin\Documents\TL72W7u8qebE9iUtdhAHthYF.exe
"C:\Users\Admin\Documents\TL72W7u8qebE9iUtdhAHthYF.exe"
C:\Users\Admin\Documents\BqqjQitAqMx10VLZYGXnOVUv.exe
"C:\Users\Admin\Documents\BqqjQitAqMx10VLZYGXnOVUv.exe"
C:\Users\Admin\Documents\WpluEqYqtl60fUrXodfxKZKw.exe
"C:\Users\Admin\Documents\WpluEqYqtl60fUrXodfxKZKw.exe"
C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe
"C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe"
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
"C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe
"C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe"
C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe
"C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe"
C:\Users\Admin\Documents\qdeiSzvFWIvFVz6SZp4bDwDR.exe
"C:\Users\Admin\Documents\qdeiSzvFWIvFVz6SZp4bDwDR.exe"
C:\Users\Admin\Documents\Qzak0bYOl0HYykP9CNoT0QGa.exe
"C:\Users\Admin\Documents\Qzak0bYOl0HYykP9CNoT0QGa.exe"
C:\Users\Admin\Documents\A5oXGGRIWoEPa64uoj0Sne_X.exe
"C:\Users\Admin\Documents\A5oXGGRIWoEPa64uoj0Sne_X.exe"
C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe
"C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe"
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
"C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4236 -ip 4236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5184 -ip 5184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5160 -ip 5160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 276
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
C:\Program Files (x86)\Company\NewProduct\jooyu.exe
"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
C:\Program Files (x86)\Company\NewProduct\customer3.exe
"C:\Program Files (x86)\Company\NewProduct\customer3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 272
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe
"C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe"
C:\Users\Admin\AppData\Local\Temp\is-LS6E9.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LS6E9.tmp\JtS4xX5pg56xxh_LNk0OMRUm.tmp" /SL5="$50166,138429,56832,C:\Users\Admin\Documents\JtS4xX5pg56xxh_LNk0OMRUm.exe"
C:\Users\Admin\AppData\Roaming\1022245.exe
"C:\Users\Admin\AppData\Roaming\1022245.exe"
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\8272398.exe
"C:\Users\Admin\AppData\Roaming\8272398.exe"
C:\Users\Admin\AppData\Roaming\2557933.exe
"C:\Users\Admin\AppData\Roaming\2557933.exe"
C:\Users\Admin\AppData\Roaming\7103215.exe
"C:\Users\Admin\AppData\Roaming\7103215.exe"
C:\Users\Admin\AppData\Roaming\2113434.exe
"C:\Users\Admin\AppData\Roaming\2113434.exe"
C:\Users\Admin\AppData\Roaming\7216578.exe
"C:\Users\Admin\AppData\Roaming\7216578.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
C:\Users\Admin\AppData\Roaming\7129630.exe
"C:\Users\Admin\AppData\Roaming\7129630.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5172 -ip 5172
C:\Users\Admin\AppData\Roaming\5872873.exe
"C:\Users\Admin\AppData\Roaming\5872873.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4160 -ip 4160
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe"
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 240
C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe
"C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe"
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" /quiet SILENT=1 AF=715 BF=715
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5300 -ip 5300
C:\Users\Admin\AppData\Local\Temp\is-LDTGQ.tmp\GameBoxWin32.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LDTGQ.tmp\GameBoxWin32.tmp" /SL5="$4030A,506127,422400,C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-SAT04.tmp\Setup.exe" /Verysilent
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe" -a
C:\Users\Admin\AppData\Roaming\3536827.exe
"C:\Users\Admin\AppData\Roaming\3536827.exe"
C:\Users\Admin\AppData\Roaming\5404278.exe
"C:\Users\Admin\AppData\Roaming\5404278.exe"
C:\Users\Admin\AppData\Roaming\8082108.exe
"C:\Users\Admin\AppData\Roaming\8082108.exe"
C:\Users\Admin\AppData\Roaming\8108524.exe
"C:\Users\Admin\AppData\Roaming\8108524.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3404 -ip 3404
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EA41C2FAFED15A1DFB7CBED626AC9A33 C
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 448
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 2492 -ip 2492
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 547B522BF59612A8C256B2BF0D75CCB1 C
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 676 -p 1420 -ip 1420
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2492 -s 2328
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1607442C9C320D4DE8A2684EA59EE396 C
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 676 -p 4480 -ip 4480
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1420 -s 2408
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4480 -s 2424
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5560 -ip 5560
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590694 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 2544
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590694 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590694 /qn CAMPAIGN=""710"" " CAMPAIGN="710"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 360 -p 3300 -ip 3300
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3300 -s 2324
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 25F2961CA71C55F091F1E4461CEE9D2F
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5048 -ip 5048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 2488
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe" -silent=1 -CID=717 -SID=717 -submn=default
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
"C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" "--anbfs"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_9C31.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites' -retry_count 10"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Cleaner\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" --annotation=plat=Win64 --annotation=prod=Cleaner --annotation=ver=0.0.13 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ffef8f2dec0,0x7ffef8f2ded0,0x7ffef8f2dee0
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=gpu-process --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1608 /prefetch:2
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=2108 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=2088 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Cleaner\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2536 /prefetch:1
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Cleaner\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2568 /prefetch:1
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=gpu-process --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3212 /prefetch:2
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=3232 /prefetch:8
C:\Program Files\Windows Defender\mpcmdrun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=3556 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=3612 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=3708 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,6350574832893002511,12424336288445489766,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw3496_1570217890" --mojo-platform-channel-handle=2224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff015646f8,0x7fff01564708,0x7fff01564718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 4168 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 4168 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /PID 4168
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /PID 4168
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2052,6583573443563056996,2027287961941557962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5228 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 52.247.37.26:80 | dmd.metaservices.microsoft.com | tcp |
| N/A | 20.54.89.106:443 | tcp | |
| N/A | 8.8.8.8:53 | fe3cr.delivery.mp.microsoft.com | udp |
| N/A | 20.54.89.15:443 | fe3cr.delivery.mp.microsoft.com | tcp |
| N/A | 40.125.122.176:443 | slscr.update.microsoft.com | tcp |
| N/A | 40.125.122.176:443 | slscr.update.microsoft.com | tcp |
| N/A | 20.190.160.71:443 | tcp | |
| N/A | 51.124.78.146:443 | settings-win.data.microsoft.com | tcp |
| N/A | 20.54.110.119:443 | tsfe.trafficshaping.dsp.mp.microsoft.com | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 37.0.8.235:80 | 37.0.8.235 | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:49769 | tcp | |
| N/A | 127.0.0.1:49771 | tcp | |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 8.8.8.8:53 | seymakaymazoglu.com | udp |
| N/A | 8.8.8.8:53 | 3freeprivacytoolsforyou.xyz | udp |
| N/A | 8.8.8.8:53 | drkapoorclinic.com | udp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 8.8.8.8:53 | a.goatagame.com | udp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 172.67.153.179:80 | i.spesgrt.com | tcp |
| N/A | 104.21.49.131:80 | a.goatagame.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 77.246.144.104:80 | 3freeprivacytoolsforyou.xyz | tcp |
| N/A | 104.21.49.131:80 | a.goatagame.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 104.21.49.131:443 | a.goatagame.com | tcp |
| N/A | 52.219.16.151:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 172.67.162.206:80 | 22rtdfhjd.club | tcp |
| N/A | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 111.90.156.58:443 | fsstoragecloudservice.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 52.219.16.151:443 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 95.101.206.92:80 | go.microsoft.com | tcp |
| N/A | 52.247.37.26:80 | dmd.metaservices.microsoft.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 34.117.59.81:80 | ipinfo.io | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 104.26.9.187:80 | proxycheck.io | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 52.219.68.175:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 52.219.68.175:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 45.14.49.128:16334 | 45.14.49.128 | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 185.230.143.16:32115 | 185.230.143.16 | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 104.21.87.184:443 | all-brain-company.xyz | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 172.67.190.140:80 | music-sec.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.87.184:443 | all-brain-company.xyz | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 45.136.151.102:80 | staticimg.youtuuee.com | tcp |
| N/A | 172.67.75.172:443 | api.ip.sb | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 34.201.81.34:443 | paybiz.herokuapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 104.16.202.237:443 | www.mediafire.com | tcp |
| N/A | 194.87.146.179:80 | gamelabpro.club | tcp |
| N/A | 88.218.92.49:80 | imgs.googlwaa.com | tcp |
| N/A | 199.91.155.72:443 | download2331.mediafire.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 20.73.194.208:443 | settings-win.data.microsoft.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 142.250.179.174:80 | www.google-analytics.com | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 34.201.81.34:443 | paybiz.herokuapp.com | tcp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 23.51.123.27:80 | tl.symcd.com | tcp |
| N/A | 23.51.123.27:80 | tl.symcd.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.162.27:443 | p6701.softemstore.xyz | tcp |
| N/A | 204.79.197.203:443 | api.msn.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 204.79.197.203:443 | api.msn.com | tcp |
| N/A | 2.22.23.152:443 | assets.msn.com | tcp |
| N/A | 2.22.23.152:443 | assets.msn.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 65.9.73.27:443 | sb.scorecardresearch.com | tcp |
| N/A | 2.22.22.219:443 | img-prod-cms-rt-microsoft-com.akamaized.net | tcp |
| N/A | 131.253.33.200:443 | www.bing.com | tcp |
| N/A | 52.142.114.2:443 | c.msn.com | tcp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 104.21.8.210:443 | feed.rpufeed.space | tcp |
| N/A | 20.50.201.195:443 | browser.events.data.msn.com | tcp |
| N/A | 20.82.210.154:443 | arc.msn.com | tcp |
| N/A | 172.67.130.174:443 | feed.rpufeed.space | tcp |
| N/A | 51.144.113.175:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 172.67.130.174:443 | feed.rpufeed.space | udp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 131.253.33.203:443 | tcp | |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 131.253.33.203:443 | tcp | |
| N/A | 76.223.111.131:443 | tcp | |
| N/A | 104.22.25.87:443 | tcp | |
| N/A | 151.101.1.44:443 | tcp | |
| N/A | 52.26.6.186:443 | tcp | |
| N/A | 18.159.171.176:443 | tcp | |
| N/A | 18.159.171.176:443 | tcp | |
| N/A | 151.101.1.44:443 | tcp | |
| N/A | 104.19.134.78:443 | tcp | |
| N/A | 64.58.116.142:443 | tcp | |
| N/A | 64.58.116.142:443 | tcp | |
| N/A | 104.19.132.78:443 | tcp | |
| N/A | 104.19.133.78:443 | tcp | |
| N/A | 18.184.192.190:443 | tcp | |
| N/A | 104.21.8.210:443 | feed.rpufeed.space | udp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 52.168.112.66:443 | tcp | |
| N/A | 35.211.114.141:443 | tcp | |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 2.22.147.96:443 | tcp | |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 2.22.147.26:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.17.130:443 | s.lletlee.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
memory/4292-146-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
memory/908-149-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
memory/4656-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
memory/4656-163-0x000000006B440000-0x000000006B4CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
memory/4656-164-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/4656-165-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/4656-166-0x0000000000400000-0x000000000051D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_4.txt
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_6.txt
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_5.txt
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_2.txt
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_1.txt
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_3.txt
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
memory/2912-174-0x0000000000000000-mapping.dmp
memory/2900-173-0x0000000000000000-mapping.dmp
memory/4236-175-0x0000000000000000-mapping.dmp
memory/3296-176-0x0000000000000000-mapping.dmp
memory/4656-177-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3720-178-0x0000000000000000-mapping.dmp
memory/4656-182-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4348-188-0x0000000000000000-mapping.dmp
memory/3492-189-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_2.exe
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/3744-193-0x0000000000000000-mapping.dmp
memory/512-192-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_3.exe
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_6.exe
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_5.exe
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_4.exe
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
memory/4656-185-0x0000000064940000-0x0000000064959000-memory.dmp
memory/4400-184-0x0000000000000000-mapping.dmp
memory/4256-183-0x0000000000000000-mapping.dmp
memory/3932-181-0x0000000000000000-mapping.dmp
memory/4656-179-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3912-180-0x0000000000000000-mapping.dmp
memory/3932-196-0x0000000000180000-0x0000000000181000-memory.dmp
memory/3932-198-0x000000001AF20000-0x000000001AF22000-memory.dmp
memory/3940-199-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4C0A59B3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/5020-201-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
memory/3492-205-0x0000000000950000-0x0000000000959000-memory.dmp
memory/3744-206-0x0000000000BB0000-0x0000000000C4D000-memory.dmp
memory/4600-207-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\axhub.dat
| MD5 | 99ab358c6f267b09d7a596548654a6ba |
| SHA1 | d5a643074b69be2281a168983e3f6bef7322f676 |
| SHA256 | 586339f93c9c0eed8a42829ab307f2c5381a636edbcf80df3770c27555034380 |
| SHA512 | 952040785a3c1dcaea613d2e0d46745d5b631785d26de018fd9f85f8485161d056bf67b19c96ae618d35de5d5991a0dd549d749949faea7a2e0f9991a1aa2b2b |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
memory/5148-216-0x0000000000000000-mapping.dmp
memory/5132-215-0x0000000000000000-mapping.dmp
memory/4700-214-0x0000000000000000-mapping.dmp
memory/4236-213-0x0000000000000000-mapping.dmp
memory/3744-212-0x0000000000000000-mapping.dmp
memory/3184-211-0x0000000000000000-mapping.dmp
memory/5148-239-0x00000000026F0000-0x0000000002700000-memory.dmp
memory/5324-234-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\CExPm2teptKJM3U3nqqgCPm0.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
memory/5300-231-0x0000000000000000-mapping.dmp
memory/5276-228-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
C:\Users\Admin\Documents\V4YrPI8QpGX9Ucokzw4oW8fP.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
| MD5 | 47e86cc0cafdce94d5c05a5c9c5c388e |
| SHA1 | de4fcbdcc06a0d748a82666bfc1ec4e4a08e5be6 |
| SHA256 | 1d7d718be5b978fedd1124fa44831ba54af5bda0507f6eee05a0a8c8d9badda1 |
| SHA512 | e8d4012ee736c1d256e03bd1756ebd5a0349c0b77903bf71ad80cf40ee3c586e32b1e1278bd54b6b58b58152a9382a4726b8242b98ac4665ba1d0ebecb50e47e |
memory/5256-227-0x0000000000000000-mapping.dmp
memory/5240-225-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\god7mdfnF5Hnj_XIiFbABBUg.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\KcM_aXJkNcTcljKDf8gG11wo.exe
| MD5 | 47e86cc0cafdce94d5c05a5c9c5c388e |
| SHA1 | de4fcbdcc06a0d748a82666bfc1ec4e4a08e5be6 |
| SHA256 | 1d7d718be5b978fedd1124fa44831ba54af5bda0507f6eee05a0a8c8d9badda1 |
| SHA512 | e8d4012ee736c1d256e03bd1756ebd5a0349c0b77903bf71ad80cf40ee3c586e32b1e1278bd54b6b58b58152a9382a4726b8242b98ac4665ba1d0ebecb50e47e |
memory/5208-221-0x0000000000000000-mapping.dmp
memory/5196-220-0x0000000000000000-mapping.dmp
memory/5184-219-0x0000000000000000-mapping.dmp
memory/5172-218-0x0000000000000000-mapping.dmp
memory/5160-217-0x0000000000000000-mapping.dmp
memory/5360-238-0x0000000000000000-mapping.dmp
memory/5148-258-0x0000000002710000-0x0000000002722000-memory.dmp
C:\Users\Admin\Documents\TL72W7u8qebE9iUtdhAHthYF.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
memory/5324-269-0x00000000004D0000-0x00000000004D1000-memory.dmp
memory/5184-268-0x00000000049C0000-0x0000000004A5D000-memory.dmp
memory/5196-261-0x0000000000E70000-0x0000000000E71000-memory.dmp
memory/5256-260-0x00000000006F0000-0x00000000006F1000-memory.dmp
memory/3184-259-0x0000000000E10000-0x0000000000E11000-memory.dmp
memory/5160-264-0x0000000002E30000-0x0000000002E39000-memory.dmp
C:\Users\Admin\Documents\TL72W7u8qebE9iUtdhAHthYF.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
C:\Users\Admin\Documents\WpluEqYqtl60fUrXodfxKZKw.exe
| MD5 | 2654d11f2d3ce974e432ad1c84bcd1f7 |
| SHA1 | 053efdc46790dd1b49e93863df59c83c39342c8f |
| SHA256 | df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51 |
| SHA512 | 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7 |
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\j1tdMXakQkoMjZWj5pICYBq1.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\ezTQ8CM6JbC6ER4SHNsPg1zd.exe
| MD5 | 0f73a44e00e05a2257c26a0ab3eb84ab |
| SHA1 | 9c90dac9386f8ef2a44fac90f154a42173461a60 |
| SHA256 | d256af9cf801950977e5c289587c7c9664d75d0d36e8b19c55e5e9b0ec0312a5 |
| SHA512 | a3d479ad86ca6dd16298311f5244fc74e9c8711a8dc7bc45bb7f247e911e037f3258a353e2059538170b32800f9665593b7d4a3d7707770a7f79e5cc62bc0261 |
C:\Users\Admin\Documents\qdeiSzvFWIvFVz6SZp4bDwDR.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
C:\Users\Admin\Documents\qdeiSzvFWIvFVz6SZp4bDwDR.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
C:\Users\Admin\Documents\Qzak0bYOl0HYykP9CNoT0QGa.exe
| MD5 | f550d370e8256649934a6c9052b0803c |
| SHA1 | cb7bc0a067bbbe77b306b87e2b4d3f0e9ce89175 |
| SHA256 | 175b0b3d82bc46f9178ca9051066496e464d846270f5abc7d2b5db01233efbc5 |
| SHA512 | c19ef1e5d893ec8f53bdec76f6f6c23a712d53035c99cb2a9bef23899896d4be1a03378f512fce3c8fd87edbadc5f12fea8b1efbdec164dbd373632933f5b2b9 |
C:\Users\Admin\Documents\Qzak0bYOl0HYykP9CNoT0QGa.exe
| MD5 | f550d370e8256649934a6c9052b0803c |
| SHA1 | cb7bc0a067bbbe77b306b87e2b4d3f0e9ce89175 |
| SHA256 | 175b0b3d82bc46f9178ca9051066496e464d846270f5abc7d2b5db01233efbc5 |
| SHA512 | c19ef1e5d893ec8f53bdec76f6f6c23a712d53035c99cb2a9bef23899896d4be1a03378f512fce3c8fd87edbadc5f12fea8b1efbdec164dbd373632933f5b2b9 |
C:\Users\Admin\Documents\DBAyf2zrlAo1c_2A5SJZjVeL.exe
| MD5 | f8d92d2f91fd134e57b6764c0eba5de3 |
| SHA1 | 1ed71b2e5a398c1c1bc5f33cfe462d471a48fa52 |
| SHA256 | 420379eae2cab153a4f538c5c9b68d848e78d5c336c8e7e13a923913eb9ba32c |
| SHA512 | 47d514492022932bb03f771d51bb1909235f9ebf7152b502e2412052628ff85c0342de42b4da8644c820b8bcf1e52fcace0fbc82c32c6216b4c2da56cf5eac71 |
C:\Users\Admin\Documents\obOYO9tzCg15blk8m_371Z_K.exe
| MD5 | a6ef5e293c9422d9a4838178aea19c50 |
| SHA1 | 93b6d38cc9376fa8710d2df61ae591e449e71b85 |
| SHA256 | 94ae283f87d31de4b9ae3344c469239be735621cd7546e95dfa70afa028507a0 |
| SHA512 | b5a999ca504efb49bcb209dcc1791dd77eded67f798590deb25a545009c2ad7577c8edc376b0f6c26140f82ecb5196b0a821be0cede6cdf65938ee174bfd4454 |
C:\Users\Admin\Documents\obOYO9tzCg15blk8m_371Z_K.exe
| MD5 | a6ef5e293c9422d9a4838178aea19c50 |
| SHA1 | 93b6d38cc9376fa8710d2df61ae591e449e71b85 |
| SHA256 | 94ae283f87d31de4b9ae3344c469239be735621cd7546e95dfa70afa028507a0 |
| SHA512 | b5a999ca504efb49bcb209dcc1791dd77eded67f798590deb25a545009c2ad7577c8edc376b0f6c26140f82ecb5196b0a821be0cede6cdf65938ee174bfd4454 |
C:\Users\Admin\Documents\BqqjQitAqMx10VLZYGXnOVUv.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
C:\Users\Admin\Documents\BqqjQitAqMx10VLZYGXnOVUv.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
C:\Users\Admin\Documents\WpluEqYqtl60fUrXodfxKZKw.exe
| MD5 | 2654d11f2d3ce974e432ad1c84bcd1f7 |
| SHA1 | 053efdc46790dd1b49e93863df59c83c39342c8f |
| SHA256 | df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51 |
| SHA512 | 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7 |
C:\Users\Admin\Documents\SG_ecBNA0JiSzLp3dJc4h3im.exe
| MD5 | 060e727c298a99826cabfacfee33321f |
| SHA1 | c94a1ab7b04f8f3bcba8538a901c7ae5f253c9aa |
| SHA256 | 440fe79cbaf72137d3062df26751a1c8cf8b0e1ce56ad66d4fac66cf56cf6a02 |
| SHA512 | 6baddb62b3a6e592a2009c00029180a2eddb5e07773c900d0adbd29aeea2306586102493ecd18832b06254702a59be97933f38b78e8529d18e8e720896c30ef5 |
C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe
| MD5 | 54ce8822fbf1cdb94c28d12ccd82f8f9 |
| SHA1 | 7077757f069fe0ebd338aeff700cab323e3ab235 |
| SHA256 | 0984c3c6a8ab0a4e8f4564ebcd54ab74ae2d22230afafe48b346485251f522e2 |
| SHA512 | 183115142a2ae68259392fc03783f49df9312acdc49011ca367acaa82d68c209d25d50a0a917504572cc3b7467d7ce4ea6bf391fe6462d1f09ae743e8c0ea435 |
C:\Users\Admin\Documents\bkQZw1gCVF9krsiOQVj1lfKN.exe
| MD5 | 54ce8822fbf1cdb94c28d12ccd82f8f9 |
| SHA1 | 7077757f069fe0ebd338aeff700cab323e3ab235 |
| SHA256 | 0984c3c6a8ab0a4e8f4564ebcd54ab74ae2d22230afafe48b346485251f522e2 |
| SHA512 | 183115142a2ae68259392fc03783f49df9312acdc49011ca367acaa82d68c209d25d50a0a917504572cc3b7467d7ce4ea6bf391fe6462d1f09ae743e8c0ea435 |
C:\Users\Admin\Documents\A5oXGGRIWoEPa64uoj0Sne_X.exe
| MD5 | ab8781ed006eff23e2f4391e9d87d33c |
| SHA1 | d557dc317e733bcc896a08158c4bc978b524c689 |
| SHA256 | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b |
| SHA512 | 73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69 |
C:\Users\Admin\Documents\A5oXGGRIWoEPa64uoj0Sne_X.exe
| MD5 | ab8781ed006eff23e2f4391e9d87d33c |
| SHA1 | d557dc317e733bcc896a08158c4bc978b524c689 |
| SHA256 | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b |
| SHA512 | 73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69 |
C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\5yUPJBDPvl3fT0Gl5djpika6.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
memory/4236-272-0x0000000004A20000-0x0000000004ABD000-memory.dmp
memory/4700-276-0x0000000002F50000-0x0000000002F5A000-memory.dmp
memory/5196-279-0x0000000002DF0000-0x0000000002E05000-memory.dmp
memory/3184-275-0x00000000058A0000-0x00000000058A1000-memory.dmp
memory/3184-271-0x0000000005DB0000-0x0000000005DB1000-memory.dmp
memory/5256-280-0x0000000005330000-0x0000000005331000-memory.dmp
memory/5256-284-0x0000000005CE0000-0x0000000005CE1000-memory.dmp
memory/6088-291-0x0000000000000000-mapping.dmp
memory/6036-289-0x0000000000000000-mapping.dmp
memory/5196-288-0x0000000002E10000-0x0000000002E12000-memory.dmp
memory/5704-287-0x0000000000400000-0x0000000000409000-memory.dmp
memory/5704-285-0x0000000000000000-mapping.dmp
memory/3184-290-0x0000000005800000-0x0000000005DA6000-memory.dmp
memory/5360-282-0x0000000001570000-0x0000000001585000-memory.dmp
memory/6132-293-0x0000000000000000-mapping.dmp
memory/5256-292-0x0000000005180000-0x0000000005726000-memory.dmp
memory/3184-296-0x0000000005A00000-0x0000000005A01000-memory.dmp
memory/5324-295-0x0000000000CB0000-0x0000000000CB2000-memory.dmp
memory/6088-299-0x0000000000400000-0x000000000067D000-memory.dmp
memory/5232-300-0x0000000000000000-mapping.dmp
memory/5256-298-0x0000000005550000-0x0000000005551000-memory.dmp
memory/1392-302-0x0000000000000000-mapping.dmp
memory/5360-294-0x000000001B9B0000-0x000000001B9B2000-memory.dmp
memory/3744-306-0x0000024028DB0000-0x0000024028E1F000-memory.dmp
memory/5208-309-0x0000000000620000-0x0000000000621000-memory.dmp
memory/5132-313-0x00000000005C0000-0x00000000005C1000-memory.dmp
memory/5316-311-0x00000000031C0000-0x00000000031FC000-memory.dmp
memory/5316-314-0x0000000000630000-0x0000000000631000-memory.dmp
memory/5276-317-0x0000000005F60000-0x0000000005F61000-memory.dmp
memory/4480-318-0x0000000000000000-mapping.dmp
memory/1420-331-0x0000000000000000-mapping.dmp
memory/4480-341-0x0000000000FD0000-0x0000000000FD1000-memory.dmp
memory/4608-340-0x0000000000000000-mapping.dmp
memory/1460-334-0x0000000000000000-mapping.dmp
memory/6036-337-0x0000024B5CAD0000-0x0000024B5CB3E000-memory.dmp
memory/5316-333-0x0000000005A50000-0x0000000005A51000-memory.dmp
memory/5276-329-0x0000000005870000-0x0000000005871000-memory.dmp
memory/5276-360-0x0000000005930000-0x0000000005931000-memory.dmp
memory/5644-359-0x0000000000000000-mapping.dmp
memory/5316-364-0x0000000005A90000-0x0000000005A91000-memory.dmp
memory/5316-366-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/5208-356-0x0000000005490000-0x0000000005491000-memory.dmp
memory/5132-367-0x0000000005BC0000-0x0000000005BC1000-memory.dmp
memory/5316-371-0x0000000005AB0000-0x0000000005AB1000-memory.dmp
memory/4480-374-0x000000001BBC0000-0x000000001BBC2000-memory.dmp
memory/5560-372-0x00000000056A0000-0x00000000056A1000-memory.dmp
memory/1420-378-0x000000001B440000-0x000000001B442000-memory.dmp
memory/5316-355-0x0000000005A80000-0x0000000005A81000-memory.dmp
memory/2492-351-0x0000000001FF0000-0x000000000201B000-memory.dmp
memory/5316-349-0x0000000005A70000-0x0000000005A71000-memory.dmp
memory/5560-354-0x0000000000000000-mapping.dmp
memory/2000-345-0x0000000000000000-mapping.dmp
memory/2752-343-0x00000000006F0000-0x00000000006F1000-memory.dmp
memory/5316-342-0x0000000005A60000-0x0000000005A61000-memory.dmp
memory/2752-328-0x0000000000000000-mapping.dmp
memory/2492-325-0x0000000000070000-0x0000000000071000-memory.dmp
memory/5276-324-0x0000000005940000-0x0000000005941000-memory.dmp
memory/5276-321-0x0000000005810000-0x0000000005811000-memory.dmp
memory/4400-320-0x0000000000000000-mapping.dmp
memory/2492-316-0x0000000000000000-mapping.dmp
memory/5232-310-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3744-308-0x0000024028E20000-0x0000024028EEF000-memory.dmp
memory/5276-305-0x0000000000730000-0x0000000000731000-memory.dmp
memory/5316-304-0x0000000000000000-mapping.dmp
memory/2492-382-0x000000001AC10000-0x000000001AC12000-memory.dmp
memory/5316-389-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
memory/5316-391-0x0000000005AE0000-0x0000000005AE1000-memory.dmp
memory/5316-393-0x0000000005AF0000-0x0000000005AF1000-memory.dmp
memory/5316-396-0x0000000005B10000-0x0000000005B11000-memory.dmp
memory/6140-399-0x0000000000000000-mapping.dmp
memory/5316-401-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/5316-404-0x0000000005B40000-0x0000000005B41000-memory.dmp
memory/5316-398-0x0000000005B20000-0x0000000005B21000-memory.dmp
memory/5316-394-0x0000000005B00000-0x0000000005B01000-memory.dmp
memory/5316-385-0x0000000005AC0000-0x0000000005AC1000-memory.dmp
memory/5316-410-0x0000000005B60000-0x0000000005B61000-memory.dmp
memory/6036-419-0x0000024B5CB40000-0x0000024B5CC0F000-memory.dmp
memory/1936-423-0x0000000000000000-mapping.dmp
memory/4160-429-0x0000000000000000-mapping.dmp
memory/5664-444-0x0000000000000000-mapping.dmp
memory/5300-437-0x00000000016C0000-0x0000000001FE6000-memory.dmp
memory/4856-435-0x0000000000000000-mapping.dmp
memory/5632-447-0x0000000000000000-mapping.dmp
memory/2688-452-0x0000000000000000-mapping.dmp
memory/4608-455-0x0000000005660000-0x0000000005661000-memory.dmp
memory/4160-451-0x0000000004890000-0x0000000004923000-memory.dmp
memory/3092-450-0x0000000000000000-mapping.dmp
memory/2816-459-0x0000000000000000-mapping.dmp
memory/1460-460-0x0000000005250000-0x0000000005251000-memory.dmp
memory/2000-458-0x00000000054D0000-0x00000000054D1000-memory.dmp
memory/5172-416-0x0000000000AC0000-0x0000000000AEF000-memory.dmp
memory/3988-418-0x0000000000000000-mapping.dmp
memory/3312-414-0x0000000000000000-mapping.dmp
memory/3084-471-0x0000000000400000-0x000000000046D000-memory.dmp
memory/5288-472-0x0000000002200000-0x0000000002201000-memory.dmp
memory/5316-406-0x0000000005B50000-0x0000000005B51000-memory.dmp
memory/5632-486-0x000000001B8A0000-0x000000001B8A2000-memory.dmp
memory/2816-487-0x0000000005A90000-0x0000000005A91000-memory.dmp
memory/4828-504-0x0000000005130000-0x0000000005748000-memory.dmp
memory/3092-509-0x0000024F8CF50000-0x0000024F8D082000-memory.dmp
memory/3092-507-0x0000024F8CD50000-0x0000024F8CE1D000-memory.dmp
memory/5048-523-0x0000000005180000-0x0000000005181000-memory.dmp
memory/1332-526-0x0000000004E90000-0x0000000004E91000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2021-08-13 10:16
Reported
2021-08-13 10:43
Platform
win11
Max time kernel
1368s
Max time network
1459s
Command Line
Signatures
Glupteba
Glupteba Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
MetaSploit
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rUNdlL32.eXe |
Raccoon
Raccoon Stealer Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fastsystem2021.exe | C:\Program Files (x86)\Company\NewProduct\customer3.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\haleng = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haleng.exe" | C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe" | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\Windows\CurrentVersion\Run\ | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Cleaner = "C:\\Users\\Admin\\AppData\\Roaming\\Cleaner\\Cleaner.exe --anbfs" | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4908 set thread context of 5004 | N/A | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe |
| PID 5972 set thread context of 4272 | N/A | C:\Users\Admin\AppData\Local\Temp\478.exe | C:\Users\Admin\AppData\Local\Temp\478.exe |
| PID 4584 set thread context of 2784 | N/A | C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe | C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Company\NewProduct\Uninstall.ini | C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\GameBox INC\GameBox\Uninstall.ini | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\d | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\Uninstall.exe | C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\customer3.exe | C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\d.jfm | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d.jfm | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe | C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\d.INTEG.RAW | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File created | C:\Program Files (x86)\Company\NewProduct\tmp.edb | C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\resources.pak | C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Company\NewProduct\jooyu.exe | C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{B59E6947-D960-4A88-902E-F387AFD7DF1F} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEA8E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.override | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\Installer\f74ccfa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE401.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE6A5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3A17.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF673958111347F097.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE1AC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE383.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE5F7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE636.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF15AFAB96E2A3B682.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f74ccfa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE1FB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE4AE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF556DC7FA4C4C4EC0.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFC795AE738B8556A6.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIECB2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\AppCompat\Programs\Amcache.hve.tmp | C:\Windows\SysWOW64\WerFault.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID382.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\WerFault.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\WerFault.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ProviderPasswordLength = "8" | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\7\52C64B7E | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ProviderPasswordCharacterGroups = "2" | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall | C:\Windows\system32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5b934b42-522b-4c34-bbfe-37a3ef7b9c90}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f8278c54-a712-415b-b593-b77a2be0dda9}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{1CF30A3D-D816-440F-811E-B77601E5F08B} | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{EC370FEF-EB16-40FF-89A5-90F860C6C2B3} | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-257790753-2419383948-818201544-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\5316705.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_4.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\Rhciu3BLpDoZf6SGJLGjxGlE.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\11111.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\gkewlUgKxbiC4QdRpvFyct_3.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\4337185.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\1266434.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\6684504.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F6D9.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8 (6).exe
"C:\Users\Admin\AppData\Local\Temp\8 (6).exe"
C:\Windows\system32\wlrmdr.exe
-c -s 0 -f 0 -t Empty -m Empty -a 0 -u Empty
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\setup_install.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\System32\pcaui.exe
C:\Windows\System32\pcaui.exe -n 0 -a "" -v "" -g "" -x ""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_1.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_4.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_5.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_6.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sonia_7.exe
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_4.exe
sonia_4.exe
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_6.exe
sonia_6.exe
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_3.exe
sonia_3.exe
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_2.exe
sonia_2.exe
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_1.exe
sonia_1.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3704 -ip 3704
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_5.exe
sonia_5.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 580
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_1.exe
"C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_1.exe" -a
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2456 -ip 2456
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4496 -ip 4496
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 240
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4412 -ip 4412
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 456
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe
"C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe"
C:\Users\Admin\Documents\jW2zFNgCyb7z4MbUQrhESnjn.exe
"C:\Users\Admin\Documents\jW2zFNgCyb7z4MbUQrhESnjn.exe"
C:\Users\Admin\Documents\EHCSjZkQ9to0zuvbSv2EMvXJ.exe
"C:\Users\Admin\Documents\EHCSjZkQ9to0zuvbSv2EMvXJ.exe"
C:\Users\Admin\Documents\zOhH0yARG6ZLOdj96Qqn1DsI.exe
"C:\Users\Admin\Documents\zOhH0yARG6ZLOdj96Qqn1DsI.exe"
C:\Users\Admin\Documents\1fLK4HrOTgyWAhALwwv0FRVL.exe
"C:\Users\Admin\Documents\1fLK4HrOTgyWAhALwwv0FRVL.exe"
C:\Users\Admin\Documents\kr4UZwTcSFk5fJ94r4F2QbTj.exe
"C:\Users\Admin\Documents\kr4UZwTcSFk5fJ94r4F2QbTj.exe"
C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe
"C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe"
C:\Users\Admin\Documents\Up8u6bt1kvmCBZ5hEXSLZ91H.exe
"C:\Users\Admin\Documents\Up8u6bt1kvmCBZ5hEXSLZ91H.exe"
C:\Users\Admin\Documents\Rhciu3BLpDoZf6SGJLGjxGlE.exe
"C:\Users\Admin\Documents\Rhciu3BLpDoZf6SGJLGjxGlE.exe"
C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe
"C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe"
C:\Users\Admin\Documents\A7FuV_srshyeLzgToDNfiOYA.exe
"C:\Users\Admin\Documents\A7FuV_srshyeLzgToDNfiOYA.exe"
C:\Users\Admin\Documents\C2HMYKJylTBmpIOVMqSSJj5S.exe
"C:\Users\Admin\Documents\C2HMYKJylTBmpIOVMqSSJj5S.exe"
C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe
"C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe"
C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe
"C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe"
C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe
"C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe"
C:\Users\Admin\Documents\gkewlUgKxbiC4QdRpvFyct_3.exe
"C:\Users\Admin\Documents\gkewlUgKxbiC4QdRpvFyct_3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4000 -ip 4000
C:\Program Files (x86)\Company\NewProduct\customer3.exe
"C:\Program Files (x86)\Company\NewProduct\customer3.exe"
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
C:\Users\Admin\Documents\Ea4btX9pLhf0VEyiuiiy92ST.exe
"C:\Users\Admin\Documents\Ea4btX9pLhf0VEyiuiiy92ST.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4336 -ip 4336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4284 -ip 4284
C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe
"C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe"
C:\Users\Admin\AppData\Local\Temp\is-H9K3U.tmp\Ea4btX9pLhf0VEyiuiiy92ST.tmp
"C:\Users\Admin\AppData\Local\Temp\is-H9K3U.tmp\Ea4btX9pLhf0VEyiuiiy92ST.tmp" /SL5="$30124,138429,56832,C:\Users\Admin\Documents\Ea4btX9pLhf0VEyiuiiy92ST.exe"
C:\Program Files (x86)\Company\NewProduct\jooyu.exe
"C:\Program Files (x86)\Company\NewProduct\jooyu.exe"
C:\Users\Admin\AppData\Roaming\1266434.exe
"C:\Users\Admin\AppData\Roaming\1266434.exe"
C:\Users\Admin\AppData\Roaming\4058254.exe
"C:\Users\Admin\AppData\Roaming\4058254.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4180 -ip 4180
C:\Users\Admin\AppData\Roaming\4337185.exe
"C:\Users\Admin\AppData\Roaming\4337185.exe"
C:\Users\Admin\AppData\Roaming\1135608.exe
"C:\Users\Admin\AppData\Roaming\1135608.exe"
C:\Users\Admin\AppData\Roaming\7574130.exe
"C:\Users\Admin\AppData\Roaming\7574130.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 240
C:\Users\Admin\AppData\Roaming\2915486.exe
"C:\Users\Admin\AppData\Roaming\2915486.exe"
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\7687493.exe
"C:\Users\Admin\AppData\Roaming\7687493.exe"
C:\Users\Admin\AppData\Roaming\6684504.exe
"C:\Users\Admin\AppData\Roaming\6684504.exe"
C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-2RN8J.tmp\Setup.exe" /Verysilent
C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox64bit.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" /quiet SILENT=1 AF=715 BF=715
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" /qn CAMPAIGN="710"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1456 -ip 1456
C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBox32Bit.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 864 -ip 864
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe"
C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe
"C:\Program Files (x86)\GameBox INC\GameBox\note8876.exe"
C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe
"C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SID=717 CID=717 SILENT=1 /quiet
C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe
"C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /DeleteCookiesWildcard "*.facebook.com"
C:\Users\Admin\AppData\Local\Temp\is-CGMLN.tmp\GameBoxWin32.tmp
"C:\Users\Admin\AppData\Local\Temp\is-CGMLN.tmp\GameBoxWin32.tmp" /SL5="$202EC,506127,422400,C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin32.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe
"C:\Program Files (x86)\GameBox INC\GameBox\BotCheck.exe" -a
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\3475669.exe
"C:\Users\Admin\AppData\Roaming\3475669.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Roaming\5316705.exe
"C:\Users\Admin\AppData\Roaming\5316705.exe"
C:\Users\Admin\AppData\Roaming\7296893.exe
"C:\Users\Admin\AppData\Roaming\7296893.exe"
C:\Users\Admin\AppData\Roaming\7715603.exe
"C:\Users\Admin\AppData\Roaming\7715603.exe"
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5140 -ip 5140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 452
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 55962F122BABC00A8AD5D6E3A5E2BB58 C
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding FA855FCC61477230CD47B638D4423F20 C
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A4C5D61FF41EBA07880F828E71A29EC5 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner 1.0.0\install\FD7DF1F\Cleaner Installation.msi" SID=717 CID=717 SILENT=1 /quiet AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Cleaner Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590692 SID=717 CID=717 SILENT=1 /quiet " SID="717" CID="717"
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=715 BF=715 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\Weather Installation.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590692 /quiet SILENT=1 AF=715 BF=715 " AF="715" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912" BF="715"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 3936 -ip 3936
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 2940 -ip 2940
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 3924 -ip 3924
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2940 -s 728
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi" /qn CAMPAIGN=710 AI_SETUPEXEPATH="C:\Program Files (x86)\GameBox INC\GameBox\GameBoxWin64.exe" SETUPEXEDIR="C:\Program Files (x86)\GameBox INC\GameBox\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1628590692 /qn CAMPAIGN=""710"" " CAMPAIGN="710"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3936 -s 2256
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3924 -s 2348
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1604 -ip 1604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 2532
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 154E6238FE42D8CE3B7E56B363FA3134
C:\Users\Admin\AppData\Local\Temp\22222.exe
C:\Users\Admin\AppData\Local\Temp\22222.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 6100 -ip 6100
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6100 -s 2340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5260 -ip 5260
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 2544
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Users\Admin\AppData\Local\Temp\F6D9.exe
C:\Users\Admin\AppData\Local\Temp\F6D9.exe
C:\Users\Admin\AppData\Local\Temp\FCB6.exe
C:\Users\Admin\AppData\Local\Temp\FCB6.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2256 -ip 2256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 276
C:\Users\Admin\AppData\Local\Temp\1F7.exe
C:\Users\Admin\AppData\Local\Temp\1F7.exe
C:\Users\Admin\AppData\Local\Temp\478.exe
C:\Users\Admin\AppData\Local\Temp\478.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5140 -ip 5140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 236
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\RequiredApplication_1\Cleaner_Installation.exe" -silent=1 -CID=717 -SID=717 -submn=default
C:\Users\Admin\AppData\Local\Temp\478.exe
C:\Users\Admin\AppData\Local\Temp\478.exe
C:\Users\Admin\AppData\Local\Temp\5A2B.exe
C:\Users\Admin\AppData\Local\Temp\5A2B.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4240 -ip 4240
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 276
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4796 -ip 4796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 876
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\478.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" "--anbfs"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_901B.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner\prerequisites' -retry_count 10"
C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe
"C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe"
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Cleaner\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" --annotation=plat=Win64 --annotation=prod=Cleaner --annotation=ver=0.0.13 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff9f801dec0,0x7ff9f801ded0,0x7ff9f801dee0
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Cleaner\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Cleaner\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Cleaner --annotation=ver=0.0.13 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ff6b3e39e70,0x7ff6b3e39e80,0x7ff6b3e39e90
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=gpu-process --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1576 /prefetch:2
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=1816 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=2084 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Cleaner\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2492 /prefetch:1
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=renderer --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Roaming\Cleaner\gen" --js-flags=--expose-gc --no-zygote --register-pepper-plugins=widevinecdmadapter.dll;application/x-ppapi-widevine-cdm --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --nwjs --extension-process --ppapi-flash-path=pepflashplayer.dll --ppapi-flash-version=32.0.0.223 --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2512 /prefetch:1
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=gpu-process --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2896 /prefetch:2
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=3460 /prefetch:8
C:\Program Files\Windows Defender\mpcmdrun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=3664 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=3668 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=3396 /prefetch:8
C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe
"C:\Users\Admin\AppData\Roaming\Cleaner\Cleaner.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1564,390341708504535714,4586069948060592632,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Cleaner\User Data" --nwapp-path="C:\Users\Admin\AppData\Local\Temp\nw5268_297750407" --mojo-platform-channel-handle=3404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x1dc,0x1e0,0x1e4,0x19c,0x1e8,0x7ffa0fb346f8,0x7ffa0fb34708,0x7ffa0fb34718
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 2784 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 2784 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /PID 2784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /PID 2784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,17232528107486687596,14061496322342941297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5920 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
C:\Users\Admin\AppData\Local\Temp\11111.exe
C:\Users\Admin\AppData\Local\Temp\11111.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
Network
| Country | Destination | Domain | Proto |
| N/A | 204.79.197.200:443 | tcp | |
| N/A | 52.178.17.2:443 | tcp | |
| N/A | 8.8.8.8:53 | slscr.update.microsoft.com | udp |
| N/A | 40.125.122.176:443 | slscr.update.microsoft.com | tcp |
| N/A | 52.152.108.96:443 | fe3cr.delivery.mp.microsoft.com | tcp |
| N/A | 40.125.122.176:443 | slscr.update.microsoft.com | tcp |
| N/A | 40.125.122.176:443 | slscr.update.microsoft.com | tcp |
| N/A | 127.0.0.1:49733 | tcp | |
| N/A | 127.0.0.1:49735 | tcp | |
| N/A | 8.8.8.8:53 | ipinfo.io | udp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 37.0.8.235:80 | 37.0.8.235 | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 104.21.89.171:80 | 22rtdfhjd.club | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 8.8.8.8:53 | drkapoorclinic.com | udp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | a.goatagame.com | udp |
| N/A | 77.246.144.104:80 | 3freeprivacytoolsforyou.xyz | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 37.0.11.8:80 | 37.0.11.8 | tcp |
| N/A | 172.67.145.110:80 | a.goatagame.com | tcp |
| N/A | 8.8.8.8:53 | fsstoragecloudservice.com | udp |
| N/A | 104.21.88.226:80 | i.spesgrt.com | tcp |
| N/A | 52.219.4.195:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 172.67.145.110:80 | a.goatagame.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:80 | cdn.discordapp.com | tcp |
| N/A | 172.67.145.110:443 | a.goatagame.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 111.90.156.58:80 | fsstoragecloudservice.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 93.179.69.156:80 | seymakaymazoglu.com | tcp |
| N/A | 111.90.156.58:443 | fsstoragecloudservice.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:80 | drkapoorclinic.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 35.154.165.160:443 | drkapoorclinic.com | tcp |
| N/A | 52.219.4.195:443 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 104.21.92.87:80 | music-sec.xyz | tcp |
| N/A | 2.18.105.186:80 | go.microsoft.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 104.21.92.87:80 | music-sec.xyz | tcp |
| N/A | 34.117.59.81:80 | ipinfo.io | tcp |
| N/A | 104.21.92.87:80 | music-sec.xyz | tcp |
| N/A | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 52.247.37.26:80 | dmd.metaservices.microsoft.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 104.26.9.187:80 | proxycheck.io | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 52.219.136.59:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 52.219.136.59:80 | 24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 37.0.10.236:80 | 37.0.10.236 | tcp |
| N/A | 31.13.83.36:443 | www.facebook.com | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 185.230.143.16:32115 | 185.230.143.16 | tcp |
| N/A | 45.14.49.128:16334 | 45.14.49.128 | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.217.17.78:443 | script.google.com | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 5.44.45.5:80 | readinglistforjuly1.xyz | tcp |
| N/A | 186.2.171.3:80 | 186.2.171.3 | tcp |
| N/A | 172.67.145.153:443 | all-brain-company.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 142.250.179.193:443 | script.googleusercontent.com | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 104.21.92.87:80 | music-sec.xyz | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 172.67.202.174:443 | getdesignusa.xyz | tcp |
| N/A | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 172.67.145.153:443 | all-brain-company.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 88.99.66.31:443 | iplis.ru | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 54.224.34.30:443 | paybiz.herokuapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 141.136.0.182:80 | karopirint.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 88.218.92.49:80 | imgs.googlwaa.com | tcp |
| N/A | 104.16.202.237:443 | www.mediafire.com | tcp |
| N/A | 199.91.155.72:443 | download2331.mediafire.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.163.135.248:80 | superstationcity.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 91.241.19.52:80 | 91.241.19.52 | tcp |
| N/A | 5.44.45.5:80 | readinglistforjuly1.xyz | tcp |
| N/A | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 142.250.179.174:80 | www.google-analytics.com | tcp |
| N/A | 8.8.8.8:53 | most-fast-link-download.com | udp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 195.201.225.248:443 | telete.in | tcp |
| N/A | 45.67.231.40:80 | 45.67.231.40 | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 34.201.81.34:443 | paybiz.herokuapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 66.29.142.130:80 | most-fast-link-download.com | tcp |
| N/A | 23.51.123.27:80 | tl.symcd.com | tcp |
| N/A | 23.51.123.27:80 | tl.symcd.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 104.21.10.13:443 | p6701.softemstore.xyz | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 131.253.33.203:443 | api.msn.com | tcp |
| N/A | 131.253.33.203:443 | api.msn.com | tcp |
| N/A | 131.253.33.200:443 | www.bing.com | tcp |
| N/A | 2.17.34.94:443 | assets.msn.com | tcp |
| N/A | 2.17.34.94:443 | assets.msn.com | tcp |
| N/A | 2.17.34.94:443 | assets.msn.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 52.142.114.2:443 | c.msn.com | tcp |
| N/A | 65.9.73.27:443 | sb.scorecardresearch.com | tcp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 2.22.22.217:443 | img-s-msn-com.akamaized.net | tcp |
| N/A | 104.21.8.210:443 | feed.rpufeed.space | tcp |
| N/A | 172.67.130.174:443 | feed.rpufeed.space | tcp |
| N/A | 20.82.209.104:443 | arc.msn.com | tcp |
| N/A | 20.189.173.7:443 | browser.events.data.msn.com | tcp |
| N/A | 51.144.113.175:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 2.22.22.219:443 | img-prod-cms-rt-microsoft-com.akamaized.net | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 104.21.8.210:443 | feed.rpufeed.space | udp |
| N/A | 204.79.197.203:443 | tcp | |
| N/A | 204.79.197.203:443 | tcp | |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 185.64.189.110:443 | tcp | |
| N/A | 172.105.220.23:443 | tcp | |
| N/A | 172.105.220.23:443 | tcp | |
| N/A | 104.21.8.210:443 | feed.rpufeed.space | udp |
| N/A | 151.101.1.44:443 | tcp | |
| N/A | 141.226.124.48:443 | tcp | |
| N/A | 18.159.171.176:443 | tcp | |
| N/A | 18.159.171.176:443 | tcp | |
| N/A | 52.58.229.235:443 | tcp | |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 64.58.116.132:443 | tcp | |
| N/A | 64.58.116.132:443 | tcp | |
| N/A | 151.101.1.44:443 | tcp | |
| N/A | 104.19.134.78:443 | tcp | |
| N/A | 104.19.134.78:443 | tcp | |
| N/A | 35.211.99.204:443 | tcp | |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:5985 | tcp | |
| N/A | 2.22.147.24:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 20.189.173.6:443 | tcp | |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 20.189.173.6:443 | tcp | |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 204.79.197.219:443 | tcp | |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 157.240.27.35:443 | www.facebook.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 157.240.27.35:443 | www.facebook.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| N/A | 157.240.27.35:443 | www.facebook.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 157.240.27.35:443 | www.facebook.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 88.99.66.31:443 | iplogger.org | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 212.224.105.79:80 | yabelesatg.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 172.67.176.199:443 | s.lletlee.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 185.142.98.122:80 | readinglistforjuly2.xyz | tcp |
| N/A | 212.224.105.106:80 | sytareliar.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 45.136.151.102:80 | uehge4g6gh.2ihsfa.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 194.169.160.30:80 | ceneimarck.xyz | tcp |
| N/A | 162.159.133.233:443 | cdn.discordapp.com | tcp |
Files
memory/3016-146-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
| MD5 | 74231678f536a19b3016840f56b845c7 |
| SHA1 | a5645777558a7d5905e101e54d61b0c8c1120de3 |
| SHA256 | cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4 |
| SHA512 | 4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f |
memory/4592-149-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
memory/3704-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\setup_install.exe
| MD5 | a3ca32ebdba2c07c2d386bb31cbd6d51 |
| SHA1 | e7841e1f475f922d5264b5ce5d123a1b3927f9e6 |
| SHA256 | 0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b |
| SHA512 | c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libstdc++-6.dll
| MD5 | 5e279950775baae5fea04d2cc4526bcc |
| SHA1 | 8aef1e10031c3629512c43dd8b0b5d9060878453 |
| SHA256 | 97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87 |
| SHA512 | 666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libgcc_s_dw2-1.dll
| MD5 | 9aec524b616618b0d3d00b27b6f51da1 |
| SHA1 | 64264300801a353db324d11738ffed876550e1d3 |
| SHA256 | 59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e |
| SHA512 | 0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libcurl.dll
| MD5 | d09be1f47fd6b827c81a4812b4f7296f |
| SHA1 | 028ae3596c0790e6d7f9f2f3c8e9591527d267f7 |
| SHA256 | 0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e |
| SHA512 | 857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libcurlpp.dll
| MD5 | e6e578373c2e416289a8da55f1dc5e8e |
| SHA1 | b601a229b66ec3d19c2369b36216c6f6eb1c063e |
| SHA256 | 43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f |
| SHA512 | 9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\libwinpthread-1.dll
| MD5 | 1e0d62c34ff2e649ebc5c372065732ee |
| SHA1 | fcfaa36ba456159b26140a43e80fbd7e9d9af2de |
| SHA256 | 509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723 |
| SHA512 | 3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61 |
memory/3704-164-0x000000006B440000-0x000000006B4CF000-memory.dmp
memory/3704-165-0x000000006FE40000-0x000000006FFC6000-memory.dmp
memory/3704-166-0x000000006B280000-0x000000006B2A6000-memory.dmp
memory/3704-167-0x0000000000400000-0x000000000051D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_6.txt
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_5.txt
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_4.txt
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_3.txt
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_2.txt
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_1.txt
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/3000-174-0x0000000000000000-mapping.dmp
memory/3560-176-0x0000000000000000-mapping.dmp
memory/872-175-0x0000000000000000-mapping.dmp
memory/3188-177-0x0000000000000000-mapping.dmp
memory/4988-180-0x0000000000000000-mapping.dmp
memory/2112-186-0x0000000000000000-mapping.dmp
memory/1176-185-0x0000000000000000-mapping.dmp
memory/1268-183-0x0000000000000000-mapping.dmp
memory/3704-182-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3704-184-0x0000000064940000-0x0000000064959000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_4.exe
| MD5 | 6765fe4e4be8c4daf3763706a58f42d0 |
| SHA1 | cebb504bfc3097a95d40016f01123b275c97d58c |
| SHA256 | 755a4266245c52bcd0328044c8a0908b2daafbad140cee06830b991493f21f60 |
| SHA512 | c6b8d328768040b31aad0441258240ce8e99a80dba028462bd03ad9d5964d4877c296f25a5a2ca59bcafe0ad75297da39352c17f3df1bb79ec091e5ace3b5d55 |
memory/4500-190-0x0000000000000000-mapping.dmp
memory/2456-193-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_3.exe
| MD5 | ee658be7ea7269085f4004d68960e547 |
| SHA1 | 979afc4726af14d9079b6cf288686b0e7e4a17e5 |
| SHA256 | d7e078e3e520767a92acb1eaadf4c7ef75f30e215be4dddfebe684c2504c6fe3 |
| SHA512 | fc77c079d152b595e249c13b9b0ca97d525407e228c416630a2565707eaacd6805fe1a1c6029b0032d493ae5b67c7d566cc19ab317d9c8e56dfdabc3646d5b1e |
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_6.exe
| MD5 | 2eb68e495e4eb18c86a443b2754bbab2 |
| SHA1 | 82a535e1277ea7a80b809cfeb97dcfb5a5d48a37 |
| SHA256 | a9083c13dd04bf55cc8e29ab4fe8a0053edf3ffe9b1e5ec31db207a45a98aaaf |
| SHA512 | f7dc8d9a8726a6da6226a059094fcaf45190b2b41e6fae7d2aa48eacbd1dfc3b871770c74b1504801f5e7a05f1e3b47ac13cffc8190089f3d07e5c55aa725898 |
memory/4496-189-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/3704-181-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3704-179-0x0000000064940000-0x0000000064959000-memory.dmp
memory/3548-178-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_2.exe
| MD5 | 18ffdaa7a2c9906db10ffc13f7c73d23 |
| SHA1 | f195661bc0f9735d02fbe0e937bfd80cf0bcb11f |
| SHA256 | 365bbeb36a288d829c8dc0f1bf7f70949dd10474586cfc7123c1503256b9e5c3 |
| SHA512 | db1f81c5b6cac59d6e58e8ab4020bdef7386fa1aa7297f57f693334b70d3dd553ab844f85f92e9903b667cae19f30f188f84939ac0bba2f5999d5bf89793ea34 |
memory/2112-195-0x0000000000520000-0x0000000000521000-memory.dmp
memory/724-197-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_5.exe
| MD5 | 0c3f670f496ffcf516fe77d2a161a6ee |
| SHA1 | 0c59d3494b38d768fe120e0a4ca2a1dca7567e6e |
| SHA256 | 8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0 |
| SHA512 | bce80fa77557683645480ec28bf5f3a4facb780728d709166890c18decb2095509f69c524e4ce5fbcb48788961554be0467dc78db70f1fd2d242dbd5922a1095 |
memory/4272-199-0x0000000000000000-mapping.dmp
memory/2112-200-0x000000001B150000-0x000000001B152000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8CBEFCA3\sonia_1.exe
| MD5 | 6e43430011784cff369ea5a5ae4b000f |
| SHA1 | 5999859a9ddfcc66e41ff301b0eeb92ef0ce5b9f |
| SHA256 | a5ab29e6fc308d1fe9fd056e960d7ccd474e2d22fb6a799d07086ec715a89d9a |
| SHA512 | 33ef732056182b9ab073d2eacfd71d3f1cb969ee038a19336fb5e0263a4e870742082c756a57010a26e7eab747a2332523d638f2570b8070b933bf957d2dea96 |
memory/2456-202-0x0000000000A50000-0x0000000000A59000-memory.dmp
memory/4496-203-0x0000000000C50000-0x0000000000CED000-memory.dmp
memory/4180-204-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | 7fee8223d6e4f82d6cd115a28f0b6d58 |
| SHA1 | 1b89c25f25253df23426bd9ff6c9208f1202f58b |
| SHA256 | a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59 |
| SHA512 | 3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4 |
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
memory/4412-208-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\axhub.dll
| MD5 | 1c7be730bdc4833afb7117d48c3fd513 |
| SHA1 | dc7e38cfe2ae4a117922306aead5a7544af646b8 |
| SHA256 | 8206b4b3897ca45b9e083273f616902966e57091516844906e6ae2aefe63cef1 |
| SHA512 | 7936c862a06b7ecdb6710a1bb62cbea149f75504b580c2f100945674c987f3eec53e9aa5915e32b4f74bcf46f2df9468f68a454400faebd909f933e8072e0f2e |
C:\Users\Admin\AppData\Local\Temp\axhub.dat
| MD5 | 99ab358c6f267b09d7a596548654a6ba |
| SHA1 | d5a643074b69be2281a168983e3f6bef7322f676 |
| SHA256 | 586339f93c9c0eed8a42829ab307f2c5381a636edbcf80df3770c27555034380 |
| SHA512 | 952040785a3c1dcaea613d2e0d46745d5b631785d26de018fd9f85f8485161d056bf67b19c96ae618d35de5d5991a0dd549d749949faea7a2e0f9991a1aa2b2b |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | b7161c0845a64ff6d7345b67ff97f3b0 |
| SHA1 | d223f855da541fe8e4c1d5c50cb26da0a1deb5fc |
| SHA256 | fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66 |
| SHA512 | 98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680 |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | a6279ec92ff948760ce53bba817d6a77 |
| SHA1 | 5345505e12f9e4c6d569a226d50e71b5a572dce2 |
| SHA256 | 8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181 |
| SHA512 | 213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c |
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
| MD5 | a6279ec92ff948760ce53bba817d6a77 |
| SHA1 | 5345505e12f9e4c6d569a226d50e71b5a572dce2 |
| SHA256 | 8b581869bf8944a8e0aa169adea2a4afe47434123da477132880aff6a5032181 |
| SHA512 | 213cb374f1273c899e0c88a20c0101a7c28024ce5046a2e0d7898bd182d918288bb80367fea4454c437c057ff9ed4fffd42be48a13ca73653021a6d63e1cfa9c |
memory/4764-212-0x0000000000000000-mapping.dmp
memory/4044-222-0x0000000000000000-mapping.dmp
memory/4284-221-0x0000000000000000-mapping.dmp
memory/2524-220-0x0000000000000000-mapping.dmp
memory/4000-219-0x0000000000000000-mapping.dmp
memory/4924-218-0x0000000000000000-mapping.dmp
memory/660-217-0x0000000000000000-mapping.dmp
memory/4584-216-0x0000000000000000-mapping.dmp
memory/4180-215-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\jW2zFNgCyb7z4MbUQrhESnjn.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
memory/2184-245-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\jW2zFNgCyb7z4MbUQrhESnjn.exe
| MD5 | 9d39cbeb9a1394fbdf12f882f68bc161 |
| SHA1 | 371ac387179eb7bbfa2e6710560fd0ac76ff6956 |
| SHA256 | 057d52075dae0fd0ad8dfce142978a92220e6c1894d0e58ab0b03bedbe7645ce |
| SHA512 | 8cb493b6eba5e9d80116466bb96a9dcabaf3f496c337ca356c99060d9d743286d66a5412d5e9e8e7cde860eaf7307a68fe45a6a1bbe2978c58e6a8b9e498d69f |
memory/2524-243-0x00000000013E0000-0x00000000013F0000-memory.dmp
C:\Users\Admin\Documents\k_nC9QIMxbuqGCFsy9nEyeYs.exe
| MD5 | 0f73a44e00e05a2257c26a0ab3eb84ab |
| SHA1 | 9c90dac9386f8ef2a44fac90f154a42173461a60 |
| SHA256 | d256af9cf801950977e5c289587c7c9664d75d0d36e8b19c55e5e9b0ec0312a5 |
| SHA512 | a3d479ad86ca6dd16298311f5244fc74e9c8711a8dc7bc45bb7f247e911e037f3258a353e2059538170b32800f9665593b7d4a3d7707770a7f79e5cc62bc0261 |
memory/2812-240-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\EHCSjZkQ9to0zuvbSv2EMvXJ.exe
| MD5 | a6ef5e293c9422d9a4838178aea19c50 |
| SHA1 | 93b6d38cc9376fa8710d2df61ae591e449e71b85 |
| SHA256 | 94ae283f87d31de4b9ae3344c469239be735621cd7546e95dfa70afa028507a0 |
| SHA512 | b5a999ca504efb49bcb209dcc1791dd77eded67f798590deb25a545009c2ad7577c8edc376b0f6c26140f82ecb5196b0a821be0cede6cdf65938ee174bfd4454 |
C:\Users\Admin\Documents\EHCSjZkQ9to0zuvbSv2EMvXJ.exe
| MD5 | a6ef5e293c9422d9a4838178aea19c50 |
| SHA1 | 93b6d38cc9376fa8710d2df61ae591e449e71b85 |
| SHA256 | 94ae283f87d31de4b9ae3344c469239be735621cd7546e95dfa70afa028507a0 |
| SHA512 | b5a999ca504efb49bcb209dcc1791dd77eded67f798590deb25a545009c2ad7577c8edc376b0f6c26140f82ecb5196b0a821be0cede6cdf65938ee174bfd4454 |
memory/4908-237-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\zOhH0yARG6ZLOdj96Qqn1DsI.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\zOhH0yARG6ZLOdj96Qqn1DsI.exe
| MD5 | fce7591a4edab9b6536e377cb6140486 |
| SHA1 | bb4ad63d6501a4729b2a74a745e660497066a6c3 |
| SHA256 | 5f0caccb3ca599a30b5f298f9bb414fe721121c83b7bedc7c59ffe4128c96b61 |
| SHA512 | 59c9c2da699c08d370ac2bcb47d15f25c4a7c37c9d40c02049607a5bfd816c09991f7e1dd10fae84722395b85ce63cadb09893e14c703259098f60163a5988b2 |
C:\Users\Admin\Documents\1fLK4HrOTgyWAhALwwv0FRVL.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
C:\Users\Admin\Documents\1fLK4HrOTgyWAhALwwv0FRVL.exe
| MD5 | 9499dac59e041d057327078ccada8329 |
| SHA1 | 707088977b09835d2407f91f4f6dbe4a4c8f2fff |
| SHA256 | ca607b3f03dd62f3ac9648087f30f502540be9944ef38b3ca622c2b9bcef06b9 |
| SHA512 | 9d78de87d752902587a77d410de012b626dabf5d3a8576f90a9f1056f7a9866a442132defb3b99f2a12346571bcec29dccad5c27cdd59222a51518ceab3fc397 |
memory/864-232-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\kr4UZwTcSFk5fJ94r4F2QbTj.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
C:\Users\Admin\Documents\kr4UZwTcSFk5fJ94r4F2QbTj.exe
| MD5 | d8b2a0b440b26c2dc3032e3f0de38b72 |
| SHA1 | ceca844eba2a784e4fbdac0e9377df9d4b9a668b |
| SHA256 | 55da2aa80bd64db9aebd250ce15446ab248255669e64ef3353b7eaae000c6241 |
| SHA512 | abc9c8fb1553ab00ed7b628e8810f3e700e07ef9c159eac91bef527531b2c92ac1631d5d81f11c4dfc57687ed2d6b00f6b14195a3024c683d4e27b2d84a75cb3 |
memory/4336-229-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
memory/1596-226-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\VKg6JumlIYA5aDXV7ctn7nLS.exe
| MD5 | 90eb803d0e395eab28a6dc39a7504cc4 |
| SHA1 | 7a0410c3b8827a9542003982308c5ad06fdf473f |
| SHA256 | 1c807ecd12c7278d5329e60d3afbd072bb0b8823545ac4f8b50a5e0f1e679fcd |
| SHA512 | d9bfacb7d4f6fe3a8721c30841837c92f7c78ae6d6db1de7d5cc7b4e04e0c6520c277b7fc538efd55a0961c5a055ce60e5412bf7da1455c39154b3d1ea064835 |
C:\Users\Admin\Documents\Up8u6bt1kvmCBZ5hEXSLZ91H.exe
| MD5 | ab8781ed006eff23e2f4391e9d87d33c |
| SHA1 | d557dc317e733bcc896a08158c4bc978b524c689 |
| SHA256 | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b |
| SHA512 | 73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69 |
C:\Users\Admin\Documents\Up8u6bt1kvmCBZ5hEXSLZ91H.exe
| MD5 | ab8781ed006eff23e2f4391e9d87d33c |
| SHA1 | d557dc317e733bcc896a08158c4bc978b524c689 |
| SHA256 | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b |
| SHA512 | 73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69 |
memory/1460-223-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\rAeuqqH7W_E8N4sD4i2Mamj5.exe
| MD5 | f8d92d2f91fd134e57b6764c0eba5de3 |
| SHA1 | 1ed71b2e5a398c1c1bc5f33cfe462d471a48fa52 |
| SHA256 | 420379eae2cab153a4f538c5c9b68d848e78d5c336c8e7e13a923913eb9ba32c |
| SHA512 | 47d514492022932bb03f771d51bb1909235f9ebf7152b502e2412052628ff85c0342de42b4da8644c820b8bcf1e52fcace0fbc82c32c6216b4c2da56cf5eac71 |
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
| MD5 | a174d42aebd9b07b023f7508e05c279b |
| SHA1 | f70cd24ba0b5b801a04111a9c5b5ec324926c7c3 |
| SHA256 | fef48e8c21cc4c8f7ebf5580d2488df5793dba5589c7e042934ea1a0b4c9beb2 |
| SHA512 | 4897e43aedf30651a450ed3e978c35e76e51d9f001ddf9353d62a8f375cb2f5caf203603dc463a9bf6f1f866b0943acd00734a222fce17721705d7e3329825ef |
C:\Users\Admin\Documents\Rhciu3BLpDoZf6SGJLGjxGlE.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe
| MD5 | 54ce8822fbf1cdb94c28d12ccd82f8f9 |
| SHA1 | 7077757f069fe0ebd338aeff700cab323e3ab235 |
| SHA256 | 0984c3c6a8ab0a4e8f4564ebcd54ab74ae2d22230afafe48b346485251f522e2 |
| SHA512 | 183115142a2ae68259392fc03783f49df9312acdc49011ca367acaa82d68c209d25d50a0a917504572cc3b7467d7ce4ea6bf391fe6462d1f09ae743e8c0ea435 |
C:\Users\Admin\Documents\hf92vg9lOrb9yf59yEw0nT99.exe
| MD5 | 54ce8822fbf1cdb94c28d12ccd82f8f9 |
| SHA1 | 7077757f069fe0ebd338aeff700cab323e3ab235 |
| SHA256 | 0984c3c6a8ab0a4e8f4564ebcd54ab74ae2d22230afafe48b346485251f522e2 |
| SHA512 | 183115142a2ae68259392fc03783f49df9312acdc49011ca367acaa82d68c209d25d50a0a917504572cc3b7467d7ce4ea6bf391fe6462d1f09ae743e8c0ea435 |
memory/4000-258-0x0000000002E50000-0x0000000002E59000-memory.dmp
memory/4908-261-0x0000000002D70000-0x0000000002D7A000-memory.dmp
C:\Users\Admin\Documents\Rhciu3BLpDoZf6SGJLGjxGlE.exe
| MD5 | 8b0f6235ecca70f12b2af9fc99abf208 |
| SHA1 | 4241eabb630b9846ab003fda6f3a8f39df423496 |
| SHA256 | 95bfcb9ec97978061e11529df66763e557b1594430867ee63cde0f115bbef933 |
| SHA512 | 9f62349a5284c33cd7ba204139eb97131e8cb435a76dfbc9458b2278166872a4f304016458945a457a915797a1695e58c92add81dfd4a43cde111a207303df3b |
memory/4840-255-0x0000000000000000-mapping.dmp
C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\GcfaqmHGKpUcuIXW3qzlmP51.exe
| MD5 | 6083371a04d8e7a2639746dc7978a62b |
| SHA1 | df280c12f41e54c82ff0f86aec875795257e45ce |
| SHA256 | eee2c4346d2835ece149394040f1d85bb9b8469c02d8ddbbc1b12b570bd1c015 |
| SHA512 | 31680e4ac17a35c276fc1582f3c435c304332a589e57082d970d3c98133401567f66726c975450d4a0712b198b40d057b87664c2bff14ebcf8b61e0a2f616b42 |
C:\Users\Admin\Documents\A7FuV_srshyeLzgToDNfiOYA.exe
| MD5 | 2654d11f2d3ce974e432ad1c84bcd1f7 |
| SHA1 | 053efdc46790dd1b49e93863df59c83c39342c8f |
| SHA256 | df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51 |
| SHA512 | 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7 |
C:\Users\Admin\Documents\A7FuV_srshyeLzgToDNfiOYA.exe
| MD5 | 2654d11f2d3ce974e432ad1c84bcd1f7 |
| SHA1 | 053efdc46790dd1b49e93863df59c83c39342c8f |
| SHA256 | df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51 |
| SHA512 | 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7 |
C:\Users\Admin\Documents\C2HMYKJylTBmpIOVMqSSJj5S.exe
| MD5 | f550d370e8256649934a6c9052b0803c |
| SHA1 | cb7bc0a067bbbe77b306b87e2b4d3f0e9ce89175 |
| SHA256 | 175b0b3d82bc46f9178ca9051066496e464d846270f5abc7d2b5db01233efbc5 |
| SHA512 | c19ef1e5d893ec8f53bdec76f6f6c23a712d53035c99cb2a9bef23899896d4be1a03378f512fce3c8fd87edbadc5f12fea8b1efbdec164dbd373632933f5b2b9 |
C:\Users\Admin\Documents\C2HMYKJylTBmpIOVMqSSJj5S.exe
| MD5 | f550d370e8256649934a6c9052b0803c |
| SHA1 | cb7bc0a067bbbe77b306b87e2b4d3f0e9ce89175 |
| SHA256 | 175b0b3d82bc46f9178ca9051066496e464d846270f5abc7d2b5db01233efbc5 |
| SHA512 | c19ef1e5d893ec8f53bdec76f6f6c23a712d53035c99cb2a9bef23899896d4be1a03378f512fce3c8fd87edbadc5f12fea8b1efbdec164dbd373632933f5b2b9 |
C:\Users\Admin\Documents\N1NWVEaMNE_wc3IcbJIXX0Zb.exe
| MD5 | 060e727c298a99826cabfacfee33321f |
| SHA1 | c94a1ab7b04f8f3bcba8538a901c7ae5f253c9aa |
| SHA256 | 440fe79cbaf72137d3062df26751a1c8cf8b0e1ce56ad66d4fac66cf56cf6a02 |
| SHA512 | 6baddb62b3a6e592a2009c00029180a2eddb5e07773c900d0adbd29aeea2306586102493ecd18832b06254702a59be97933f38b78e8529d18e8e720896c30ef5 |
memory/4336-263-0x0000000004A40000-0x0000000004ADD000-memory.dmp
memory/4584-264-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/2524-273-0x0000000001400000-0x0000000001412000-memory.dmp
memory/4584-274-0x00000000052D0000-0x00000000052D1000-memory.dmp
memory/2812-277-0x00000000010B0000-0x00000000010C5000-memory.dmp
memory/4584-278-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
memory/660-279-0x0000000000980000-0x0000000000995000-memory.dmp
memory/3892-282-0x0000000000000000-mapping.dmp
memory/4584-281-0x0000000005B10000-0x0000000005B11000-memory.dmp
memory/4584-276-0x0000000004E00000-0x0000000004E01000-memory.dmp
memory/5004-275-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4284-268-0x0000000004A10000-0x0000000004AAD000-memory.dmp
memory/5004-271-0x0000000000000000-mapping.dmp
memory/660-262-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/2812-265-0x00000000008F0000-0x00000000008F1000-memory.dmp
memory/2812-285-0x000000001B610000-0x000000001B612000-memory.dmp
memory/3752-283-0x0000000000000000-mapping.dmp
memory/580-284-0x0000000000000000-mapping.dmp
memory/3752-287-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3192-288-0x00000000056B0000-0x00000000056C6000-memory.dmp
memory/4584-290-0x0000000005010000-0x0000000005011000-memory.dmp
memory/4836-292-0x0000000000000000-mapping.dmp
memory/660-291-0x00000000009C0000-0x00000000009C2000-memory.dmp
memory/1140-289-0x0000000000000000-mapping.dmp
memory/4584-293-0x00000000050F0000-0x00000000050F1000-memory.dmp
memory/580-295-0x0000000000400000-0x000000000067D000-memory.dmp
memory/1140-297-0x00000000031F0000-0x000000000322C000-memory.dmp
memory/1140-298-0x0000000000800000-0x0000000000801000-memory.dmp
memory/4044-301-0x0000000000FD0000-0x0000000000FD1000-memory.dmp
memory/4584-296-0x0000000004D20000-0x00000000052C6000-memory.dmp
memory/4924-299-0x000001E108CE0000-0x000001E108D4F000-memory.dmp
memory/4840-294-0x000000001B410000-0x000000001B412000-memory.dmp
memory/1596-308-0x00000000060D0000-0x00000000060D1000-memory.dmp
memory/3936-309-0x0000000000000000-mapping.dmp
memory/1140-307-0x0000000005A60000-0x0000000005A61000-memory.dmp
memory/1140-306-0x0000000005A50000-0x0000000005A51000-memory.dmp
memory/1596-303-0x0000000000540000-0x0000000000541000-memory.dmp
memory/4924-302-0x000001E108D50000-0x000001E108E1F000-memory.dmp
memory/1140-313-0x0000000005A80000-0x0000000005A81000-memory.dmp
memory/1140-311-0x0000000005A70000-0x0000000005A71000-memory.dmp
memory/1596-310-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/3192-314-0x0000000002D90000-0x0000000002DA0000-memory.dmp
memory/3192-318-0x0000000008270000-0x0000000008280000-memory.dmp
memory/1140-321-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/3936-316-0x00000000001E0000-0x00000000001E1000-memory.dmp
memory/1460-319-0x0000000000220000-0x0000000000221000-memory.dmp
memory/1140-317-0x0000000005A90000-0x0000000005A91000-memory.dmp
memory/1596-315-0x0000000005B90000-0x0000000005B91000-memory.dmp
memory/1596-312-0x0000000005C50000-0x0000000005C51000-memory.dmp
memory/2724-329-0x0000000000000000-mapping.dmp
memory/3192-323-0x0000000002D90000-0x0000000002E10000-memory.dmp
memory/1140-325-0x0000000005AB0000-0x0000000005AB1000-memory.dmp
memory/1140-330-0x0000000005AC0000-0x0000000005AC1000-memory.dmp
memory/4180-337-0x0000000000BB0000-0x0000000000BDF000-memory.dmp
memory/1140-334-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
memory/2940-343-0x0000000000000000-mapping.dmp
memory/3936-347-0x00000000009E0000-0x00000000009E1000-memory.dmp
memory/3892-354-0x000001E98EA10000-0x000001E98EADF000-memory.dmp
memory/3892-350-0x000001E98E9A0000-0x000001E98EA0E000-memory.dmp
memory/1140-345-0x0000000005AE0000-0x0000000005AE1000-memory.dmp
memory/1596-340-0x0000000005AA0000-0x0000000005AA1000-memory.dmp
memory/3924-344-0x0000000000000000-mapping.dmp
memory/3304-353-0x0000000000000000-mapping.dmp
memory/3452-359-0x0000000000000000-mapping.dmp
memory/3936-361-0x000000001AF00000-0x000000001AF02000-memory.dmp
memory/3192-358-0x0000000008270000-0x00000000082F0000-memory.dmp
memory/3732-365-0x0000000000000000-mapping.dmp
memory/3924-357-0x0000000000BD0000-0x0000000000BD1000-memory.dmp
memory/3380-355-0x0000000000000000-mapping.dmp
memory/1140-370-0x0000000005AF0000-0x0000000005AF1000-memory.dmp
memory/4044-367-0x0000000005C80000-0x0000000005C81000-memory.dmp
memory/1764-371-0x0000000000000000-mapping.dmp
memory/1140-381-0x0000000005B10000-0x0000000005B11000-memory.dmp
memory/1140-376-0x0000000005B00000-0x0000000005B01000-memory.dmp
memory/1604-388-0x0000000000000000-mapping.dmp
memory/2940-384-0x000000001ADD0000-0x000000001ADD2000-memory.dmp
memory/1140-389-0x0000000005B20000-0x0000000005B21000-memory.dmp
memory/1140-395-0x0000000005B40000-0x0000000005B41000-memory.dmp
memory/1460-397-0x0000000005600000-0x0000000005601000-memory.dmp
memory/1140-400-0x0000000005B50000-0x0000000005B51000-memory.dmp
memory/1140-393-0x0000000005B30000-0x0000000005B31000-memory.dmp
memory/1140-402-0x0000000005B60000-0x0000000005B61000-memory.dmp
memory/1920-413-0x0000000000000000-mapping.dmp
memory/1604-417-0x00000000056D0000-0x00000000056D1000-memory.dmp
memory/3924-419-0x0000000002BB0000-0x0000000002BB2000-memory.dmp
memory/1456-422-0x0000000000000000-mapping.dmp
memory/812-424-0x0000000000000000-mapping.dmp
memory/1364-428-0x0000000000000000-mapping.dmp
memory/1712-430-0x0000000000000000-mapping.dmp
memory/1008-435-0x0000000000000000-mapping.dmp
memory/660-434-0x0000000000000000-mapping.dmp
memory/3824-441-0x0000000000000000-mapping.dmp
memory/1456-447-0x0000000004A50000-0x0000000004AE3000-memory.dmp
memory/864-451-0x00000000015E0000-0x0000000001F06000-memory.dmp
memory/2396-446-0x0000000000000000-mapping.dmp
memory/3536-439-0x0000000000000000-mapping.dmp
memory/4376-459-0x0000000000000000-mapping.dmp
memory/1724-456-0x0000000000000000-mapping.dmp
memory/1724-473-0x0000000000400000-0x000000000046D000-memory.dmp
memory/2724-467-0x0000000002420000-0x0000000002421000-memory.dmp
memory/1764-486-0x0000000005870000-0x0000000005871000-memory.dmp
memory/3304-488-0x0000000005710000-0x0000000005711000-memory.dmp
memory/1712-490-0x000000001B710000-0x000000001B712000-memory.dmp
memory/1544-491-0x0000000000760000-0x0000000000761000-memory.dmp
memory/1008-512-0x00000259A46E0000-0x00000259A47AD000-memory.dmp
memory/1008-513-0x00000259A48E0000-0x00000259A4A12000-memory.dmp
memory/5680-515-0x0000000005290000-0x0000000005291000-memory.dmp
memory/5260-544-0x00000000054B0000-0x00000000054B1000-memory.dmp
memory/6100-546-0x0000000002450000-0x0000000002452000-memory.dmp
memory/1708-549-0x0000000005170000-0x0000000005171000-memory.dmp