Malware Analysis Report

2024-11-30 15:49

Sample ID 221013-yele4sbca6
Target Hellgate.exe
SHA256 96b725f4b6600d65455c4b7c67e417a8c819f06079634f9f8828093509a16054
Tags
mercurialgrabber evasion spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

96b725f4b6600d65455c4b7c67e417a8c819f06079634f9f8828093509a16054

Threat Level: Known bad

The file Hellgate.exe was found to be: Known bad.

Malicious Activity Summary

mercurialgrabber evasion spyware stealer

Mercurial Grabber Stealer

Mercurialgrabber family

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Checks BIOS information in registry

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Maps connected drives based on registry

Enumerates physical storage devices

Program crash

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-10-13 19:41

Signatures

Mercurialgrabber family

mercurialgrabber

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-13 19:41

Reported

2022-10-18 18:49

Platform

win10v2004-20220901-en

Max time kernel

12s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Hellgate.exe"

Signatures

Mercurial Grabber Stealer

stealer mercurialgrabber

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Windows\System32\Conhost.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Windows\System32\Conhost.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Windows\System32\Conhost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Hellgate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip4.seeip.org N/A N/A
N/A ip-api.com N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Windows\System32\Conhost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Windows\System32\Conhost.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe C:\Users\Admin\AppData\Local\Temp\GATE.EXE

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Windows\System32\Conhost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Windows\System32\Conhost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Windows\System32\Conhost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Windows\System32\Conhost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Windows\System32\Conhost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Token: SeDebugPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Conhost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\Hellgate.exe C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 4752 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\Hellgate.exe C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 3916 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 3916 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 3392 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 3392 wrote to memory of 852 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 852 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Windows\System32\Conhost.exe
PID 852 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 2924 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 2924 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 2180 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 2180 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 1392 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Windows\System32\Conhost.exe
PID 1392 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\Hellgate.exe

"C:\Users\Admin\AppData\Local\Temp\Hellgate.exe"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 476 -p 1280 -ip 1280

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 428 -p 1488 -ip 1488

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 464 -p 4876 -ip 4876

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 480 -p 2704 -ip 2704

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 496 -p 1520 -ip 1520

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1280 -s 2028

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1488 -s 2016

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2704 -s 2008

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4876 -s 2044

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 504 -p 1816 -ip 1816

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 552 -p 1284 -ip 1284

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1284 -s 2016

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 500 -p 1696 -ip 1696

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1696 -s 2012

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 508 -p 3672 -ip 3672

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 628 -p 2480 -ip 2480

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3672 -s 2032

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2480 -s 2028

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 496 -p 2424 -ip 2424

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2424 -s 2036

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 644 -p 2348 -ip 2348

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2348 -s 2028

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 608 -p 512 -ip 512

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 500 -p 3772 -ip 3772

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 512 -s 2028

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3772 -s 2032

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 624 -p 1684 -ip 1684

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1684 -s 2028

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 436 -p 1628 -ip 1628

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 416 -p 3020 -ip 3020

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1628 -s 2024

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3020 -s 2008

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 412 -p 4032 -ip 4032

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4032 -s 2044

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 496 -p 3992 -ip 3992

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3992 -s 2032

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 620 -p 1296 -ip 1296

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1296 -s 2056

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 500 -p 3788 -ip 3788

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3788 -s 2016

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 436 -p 1696 -ip 1696

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 616 -p 4396 -ip 4396

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4396 -s 2032

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1696 -s 2008

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 644 -p 1504 -ip 1504

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1504 -s 2008

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 496 -p 3324 -ip 3324

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3324 -s 2008

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4100 -s 2032

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 412 -p 4100 -ip 4100

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 508 -p 2228 -ip 2228

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2228 -s 2008

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 644 -p 1496 -ip 1496

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1496 -s 2036

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 664 -p 812 -ip 812

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 812 -s 2028

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 648 -p 4812 -ip 4812

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4812 -s 2028

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 628 -p 2264 -ip 2264

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 632 -p 6392 -ip 6392

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2264 -s 2000

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 6392 -s 2032

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 652 -p 5800 -ip 5800

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 664 -p 3696 -ip 3696

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 656 -p 4608 -ip 4608

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 684 -p 3672 -ip 3672

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 636 -p 7020 -ip 7020

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 708 -p 6840 -ip 6840

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 680 -p 6184 -ip 6184

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 7140 -s 1920

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 724 -p 4148 -ip 4148

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 504 -p 6720 -ip 6720

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 732 -p 6208 -ip 6208

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 712 -p 5420 -ip 5420

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 496 -p 6548 -ip 6548

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 636 -p 4016 -ip 4016

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 632 -p 5968 -ip 5968

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3780 -s 2008

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 616 -p 7140 -ip 7140

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 548 -p 3780 -ip 3780

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 612 -p 1852 -ip 1852

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 652 -p 4020 -ip 4020

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4020 -s 2000

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 704 -p 1408 -ip 1408

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 688 -p 7036 -ip 7036

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 760 -p 4428 -ip 4428

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 792 -p 5944 -ip 5944

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 756 -p 4912 -ip 4912

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 716 -p 3452 -ip 3452

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 796 -p 7200 -ip 7200

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 768 -p 5136 -ip 5136

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4428 -s 1620

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 780 -p 5636 -ip 5636

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4120 -s 1992

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3452 -s 2000

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 752 -p 4120 -ip 4120

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 704 -p 3628 -ip 3628

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3628 -s 1984

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 808 -p 3128 -ip 3128

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3128 -s 2000

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 664 -p 4572 -ip 4572

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4572 -s 2012

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 756 -p 5288 -ip 5288

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5288 -s 1504

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 812 -p 5468 -ip 5468

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5468 -s 1940

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

Network

Country Destination Domain Proto
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 162.159.135.232:443 discord.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.135.232:443 discord.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 162.159.135.232:443 discord.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

C:\Users\Admin\AppData\Local\Temp\cookies.db

MD5 055c8c5c47424f3c2e7a6fc2ee904032
SHA1 5952781d22cff35d94861fac25d89a39af6d0a87
SHA256 531b3121bd59938df4933972344d936a67e75d8b1741807a8a51c898d185dd2a
SHA512 c2772893695f49cb185add62c35284779b20d45adc01184f1912613fa8b2d70c8e785f0d7cfa3bfaf1d2d58e7cdc74f4304fd973a956601927719d6d370dd57a

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/2756-168-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/1284-169-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3672-170-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/2264-173-0x0000000000000000-mapping.dmp

memory/1696-174-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/1520-175-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1848-178-0x0000000000000000-mapping.dmp

memory/2480-176-0x0000000000000000-mapping.dmp

memory/3672-179-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/1816-180-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2424-181-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/4736-184-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/1280-187-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2480-186-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2704-188-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2424-189-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4876-190-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/1488-191-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/4940-194-0x0000000000000000-mapping.dmp

memory/2348-192-0x0000000000000000-mapping.dmp

memory/512-196-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1284-199-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4264-197-0x0000000000000000-mapping.dmp

memory/2348-195-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/3772-201-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/3348-206-0x0000000000000000-mapping.dmp

memory/1696-204-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/512-203-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/1360-209-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1684-207-0x0000000000000000-mapping.dmp

memory/3772-210-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/4864-215-0x0000000000000000-mapping.dmp

memory/3672-216-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/1628-212-0x0000000000000000-mapping.dmp

memory/1684-217-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3020-219-0x0000000000000000-mapping.dmp

memory/4948-220-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/2480-218-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/4032-224-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/2424-227-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4220-226-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/1628-223-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3992-229-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/3020-234-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2348-235-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4568-233-0x0000000000000000-mapping.dmp

memory/4032-231-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/1296-236-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/3992-238-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3772-240-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2844-239-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/512-242-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/1296-243-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3788-244-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/756-247-0x0000000000000000-mapping.dmp

memory/1684-248-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3788-249-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/1696-251-0x0000000000000000-mapping.dmp

memory/4332-252-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1628-254-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/4396-255-0x0000000000000000-mapping.dmp

memory/1696-259-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/1292-257-0x0000000000000000-mapping.dmp

memory/3020-260-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1504-261-0x0000000000000000-mapping.dmp

memory/4912-263-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/4396-265-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4032-266-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3324-267-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/4364-269-0x0000000000000000-mapping.dmp

memory/1504-270-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4100-271-0x0000000000000000-mapping.dmp

memory/3992-272-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1336-274-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

memory/4100-277-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/2228-278-0x0000000000000000-mapping.dmp

memory/3324-281-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/3152-280-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1880-286-0x0000000000000000-mapping.dmp

memory/1496-284-0x0000000000000000-mapping.dmp

memory/3788-287-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/2228-288-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/812-289-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/3772-291-0x0000000000000000-mapping.dmp

memory/1696-292-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4396-293-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/812-294-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

memory/4812-296-0x0000000000000000-mapping.dmp

memory/1496-295-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/516-298-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\cookies.txt

MD5 e9c0017d6df903586aeb449cd6422fd7
SHA1 e62638187ee9285e945bbb0971a1a89361bf2a4c
SHA256 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494
SHA512 a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-13 19:41

Reported

2022-10-13 19:45

Platform

win7-20220812-en

Max time kernel

123s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Hellgate.exe"

Signatures

Mercurial Grabber Stealer

stealer mercurialgrabber

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Hellgate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE N/A
N/A N/A C:\Windows\system32\conhost.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip4.seeip.org N/A N/A
N/A ip-api.com N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe C:\Users\Admin\AppData\Local\Temp\GATE.EXE

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GATE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1008 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\Hellgate.exe C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 1008 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\Hellgate.exe C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 1516 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 1516 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 912 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 912 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 748 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 748 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 888 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 888 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 1884 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 1884 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 1724 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 1724 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
PID 1964 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\GATE.EXE
PID 1964 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\Hellgate.exe

"C:\Users\Admin\AppData\Local\Temp\Hellgate.exe"

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"

C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE

"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1788006722-511198662-265515806-544246569-7423863621813184736-2101715010111338041"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1682113020-1671060950-616534623527804605-506443869666465388-19814812491344188956"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3712 -s 1852

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1816 -s 1872

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1524 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 988 -s 1844

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 872 -s 1836

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2084 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1000 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1884 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3200 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1608 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2232 -s 1852

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1028 -s 1848

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 932 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3360 -s 1880

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3504 -s 1868

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1728 -s 1852

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1544 -s 1876

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2160 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2404 -s 1860

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3000 -s 1852

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1684 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1088 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 316 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2792 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1020 -s 1852

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 520 -s 1868

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2036 -s 1864

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1640 -s 1872

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2248 -s 1856

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1520 -s 1848

Network

Country Destination Domain Proto
US 8.8.8.8:53 ip4.seeip.org udp
US 23.128.64.141:443 ip4.seeip.org tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 96.16.53.157:80 apps.identrust.com tcp
NL 96.16.53.139:80 apps.identrust.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp

Files

memory/1008-54-0x0000000076261000-0x0000000076263000-memory.dmp

\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/520-56-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\GATE.EXE

MD5 1fdbfec3f56386b3f45e3676724818ba
SHA1 d295930d5d25c5b8e1968f92016d3aae771303b7
SHA256 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483
SHA512 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114

memory/1516-58-0x0000000000000000-mapping.dmp

memory/1544-62-0x0000000000000000-mapping.dmp

memory/912-64-0x0000000000000000-mapping.dmp

memory/1524-67-0x0000000000000000-mapping.dmp

memory/748-69-0x0000000000000000-mapping.dmp

memory/1020-72-0x0000000000000000-mapping.dmp

memory/888-74-0x0000000000000000-mapping.dmp

memory/932-77-0x0000000000000000-mapping.dmp

memory/1884-79-0x0000000000000000-mapping.dmp

memory/1728-82-0x0000000000000000-mapping.dmp

memory/1724-84-0x0000000000000000-mapping.dmp

memory/1028-87-0x0000000000000000-mapping.dmp

memory/1964-89-0x0000000000000000-mapping.dmp

memory/1704-94-0x0000000000000000-mapping.dmp

memory/1640-92-0x0000000000000000-mapping.dmp

memory/872-97-0x0000000000000000-mapping.dmp

memory/956-99-0x0000000000000000-mapping.dmp

memory/1644-104-0x0000000000000000-mapping.dmp

memory/2036-102-0x0000000000000000-mapping.dmp

memory/1000-107-0x0000000000000000-mapping.dmp

memory/1288-109-0x0000000000000000-mapping.dmp

memory/1088-112-0x0000000000000000-mapping.dmp

memory/2028-114-0x0000000000000000-mapping.dmp

memory/1816-117-0x0000000000000000-mapping.dmp

memory/1372-119-0x0000000000000000-mapping.dmp

memory/316-122-0x0000000000000000-mapping.dmp

memory/632-124-0x0000000000000000-mapping.dmp

memory/1640-126-0x00000000001C0000-0x00000000001E0000-memory.dmp

memory/1608-128-0x0000000000000000-mapping.dmp

memory/836-130-0x0000000000000000-mapping.dmp

memory/1620-135-0x0000000000000000-mapping.dmp

memory/1684-133-0x0000000000000000-mapping.dmp

memory/988-138-0x0000000000000000-mapping.dmp

memory/552-140-0x0000000000000000-mapping.dmp

memory/1776-145-0x0000000000000000-mapping.dmp

memory/1520-143-0x0000000000000000-mapping.dmp

memory/2120-150-0x0000000000000000-mapping.dmp

memory/2084-148-0x0000000000000000-mapping.dmp

memory/2160-153-0x0000000000000000-mapping.dmp

memory/2196-155-0x0000000000000000-mapping.dmp

memory/2272-160-0x0000000000000000-mapping.dmp

memory/2232-158-0x0000000000000000-mapping.dmp

memory/2436-165-0x0000000000000000-mapping.dmp

memory/2404-163-0x0000000000000000-mapping.dmp

memory/2792-168-0x0000000000000000-mapping.dmp

memory/2860-170-0x0000000000000000-mapping.dmp

memory/3000-173-0x0000000000000000-mapping.dmp

memory/3036-175-0x0000000000000000-mapping.dmp

memory/1884-178-0x0000000000000000-mapping.dmp

memory/2080-180-0x0000000000000000-mapping.dmp

memory/2240-185-0x0000000000000000-mapping.dmp

memory/2248-183-0x0000000000000000-mapping.dmp

memory/3236-190-0x0000000000000000-mapping.dmp

memory/3200-188-0x0000000000000000-mapping.dmp

memory/3408-195-0x0000000000000000-mapping.dmp

memory/3360-193-0x0000000000000000-mapping.dmp

memory/3564-200-0x0000000000000000-mapping.dmp

memory/3712-203-0x0000000000000000-mapping.dmp

memory/3504-198-0x0000000000000000-mapping.dmp

memory/3748-205-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 02a0c916f24edd87c7065ac4922b491d
SHA1 0392141b3583f901ba52d4a4487d54afd8276813
SHA256 65cdadfe55823b7bbf33b668be79a029554775f317e717b32fdd9b696ebbd084
SHA512 09749785a02672095d9110a01284588b373304a1800662dec11eb09ff63047cfb49c720e04814f6c5ce43bb5dd069468a55a7023e32818f76ca943b728c77904

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

memory/5428-211-0x0000000000000000-mapping.dmp

memory/5420-210-0x0000000000000000-mapping.dmp

memory/5448-212-0x0000000000000000-mapping.dmp

memory/5460-213-0x0000000000000000-mapping.dmp