Analysis Overview
SHA256
96b725f4b6600d65455c4b7c67e417a8c819f06079634f9f8828093509a16054
Threat Level: Known bad
The file Hellgate.exe was found to be: Known bad.
Malicious Activity Summary
Mercurial Grabber Stealer
Mercurialgrabber family
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Checks BIOS information in registry
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Maps connected drives based on registry
Enumerates physical storage devices
Program crash
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-10-13 19:41
Signatures
Mercurialgrabber family
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-13 19:41
Reported
2022-10-18 18:49
Platform
win10v2004-20220901-en
Max time kernel
12s
Max time network
142s
Command Line
Signatures
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| N/A | N/A | C:\Windows\System32\Conhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| N/A | N/A | C:\Windows\System32\Conhost.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Hellgate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Windows\System32\Conhost.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Windows\System32\Conhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Token: SeDebugPrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Hellgate.exe
"C:\Users\Admin\AppData\Local\Temp\Hellgate.exe"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 1280 -ip 1280
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 1488 -ip 1488
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 4876 -ip 4876
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 2704 -ip 2704
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 1520 -ip 1520
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1280 -s 2028
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1488 -s 2016
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2704 -s 2008
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4876 -s 2044
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 504 -p 1816 -ip 1816
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 552 -p 1284 -ip 1284
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1284 -s 2016
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 1696 -ip 1696
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1696 -s 2012
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 3672 -ip 3672
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 628 -p 2480 -ip 2480
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3672 -s 2032
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2480 -s 2028
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 2424 -ip 2424
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2424 -s 2036
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 644 -p 2348 -ip 2348
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2348 -s 2028
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 608 -p 512 -ip 512
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 3772 -ip 3772
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 512 -s 2028
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3772 -s 2032
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 624 -p 1684 -ip 1684
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1684 -s 2028
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 436 -p 1628 -ip 1628
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 3020 -ip 3020
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1628 -s 2024
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3020 -s 2008
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 4032 -ip 4032
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4032 -s 2044
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 3992 -ip 3992
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3992 -s 2032
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 620 -p 1296 -ip 1296
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1296 -s 2056
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 3788 -ip 3788
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3788 -s 2016
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 436 -p 1696 -ip 1696
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 616 -p 4396 -ip 4396
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4396 -s 2032
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1696 -s 2008
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 644 -p 1504 -ip 1504
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1504 -s 2008
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 3324 -ip 3324
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3324 -s 2008
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4100 -s 2032
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 4100 -ip 4100
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 2228 -ip 2228
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2228 -s 2008
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 644 -p 1496 -ip 1496
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1496 -s 2036
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 664 -p 812 -ip 812
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 812 -s 2028
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 648 -p 4812 -ip 4812
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4812 -s 2028
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 628 -p 2264 -ip 2264
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 632 -p 6392 -ip 6392
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2264 -s 2000
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6392 -s 2032
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 652 -p 5800 -ip 5800
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 664 -p 3696 -ip 3696
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 656 -p 4608 -ip 4608
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 684 -p 3672 -ip 3672
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 636 -p 7020 -ip 7020
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 708 -p 6840 -ip 6840
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 680 -p 6184 -ip 6184
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7140 -s 1920
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 724 -p 4148 -ip 4148
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 504 -p 6720 -ip 6720
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 732 -p 6208 -ip 6208
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 712 -p 5420 -ip 5420
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 6548 -ip 6548
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 636 -p 4016 -ip 4016
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 632 -p 5968 -ip 5968
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3780 -s 2008
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 616 -p 7140 -ip 7140
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 3780 -ip 3780
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 612 -p 1852 -ip 1852
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 652 -p 4020 -ip 4020
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4020 -s 2000
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 704 -p 1408 -ip 1408
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 688 -p 7036 -ip 7036
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 760 -p 4428 -ip 4428
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 792 -p 5944 -ip 5944
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 756 -p 4912 -ip 4912
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 716 -p 3452 -ip 3452
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 796 -p 7200 -ip 7200
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 768 -p 5136 -ip 5136
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4428 -s 1620
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 780 -p 5636 -ip 5636
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4120 -s 1992
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3452 -s 2000
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 752 -p 4120 -ip 4120
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 704 -p 3628 -ip 3628
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3628 -s 1984
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 808 -p 3128 -ip 3128
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3128 -s 2000
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 664 -p 4572 -ip 4572
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4572 -s 2012
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 756 -p 5288 -ip 5288
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5288 -s 1504
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 812 -p 5468 -ip 5468
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5468 -s 1940
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 104.208.16.90:443 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 67.26.207.254:80 | tcp | |
| US | 67.26.207.254:80 | tcp | |
| US | 67.26.207.254:80 | tcp | |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
Files
memory/1280-133-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3916-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1280-137-0x0000000000930000-0x0000000000950000-memory.dmp
memory/1520-138-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3392-140-0x0000000000000000-mapping.dmp
memory/1280-141-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4876-142-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/852-144-0x0000000000000000-mapping.dmp
memory/1488-145-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2924-147-0x0000000000000000-mapping.dmp
memory/1520-148-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2704-149-0x0000000000000000-mapping.dmp
memory/2180-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/4876-152-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1488-153-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1816-154-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1392-156-0x0000000000000000-mapping.dmp
memory/1284-157-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3436-160-0x0000000000000000-mapping.dmp
memory/2704-159-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1816-161-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1696-162-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.db
| MD5 | 055c8c5c47424f3c2e7a6fc2ee904032 |
| SHA1 | 5952781d22cff35d94861fac25d89a39af6d0a87 |
| SHA256 | 531b3121bd59938df4933972344d936a67e75d8b1741807a8a51c898d185dd2a |
| SHA512 | c2772893695f49cb185add62c35284779b20d45adc01184f1912613fa8b2d70c8e785f0d7cfa3bfaf1d2d58e7cdc74f4304fd973a956601927719d6d370dd57a |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/2756-168-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1284-169-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3672-170-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/2264-173-0x0000000000000000-mapping.dmp
memory/1696-174-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1520-175-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1848-178-0x0000000000000000-mapping.dmp
memory/2480-176-0x0000000000000000-mapping.dmp
memory/3672-179-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1816-180-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2424-181-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/4736-184-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1280-187-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2480-186-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2704-188-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2424-189-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4876-190-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1488-191-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/4940-194-0x0000000000000000-mapping.dmp
memory/2348-192-0x0000000000000000-mapping.dmp
memory/512-196-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1284-199-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4264-197-0x0000000000000000-mapping.dmp
memory/2348-195-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/3772-201-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3348-206-0x0000000000000000-mapping.dmp
memory/1696-204-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/512-203-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1360-209-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1684-207-0x0000000000000000-mapping.dmp
memory/3772-210-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/4864-215-0x0000000000000000-mapping.dmp
memory/3672-216-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1628-212-0x0000000000000000-mapping.dmp
memory/1684-217-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3020-219-0x0000000000000000-mapping.dmp
memory/4948-220-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2480-218-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/4032-224-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2424-227-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4220-226-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1628-223-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3992-229-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3020-234-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2348-235-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4568-233-0x0000000000000000-mapping.dmp
memory/4032-231-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1296-236-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3992-238-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3772-240-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2844-239-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/512-242-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1296-243-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3788-244-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/756-247-0x0000000000000000-mapping.dmp
memory/1684-248-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3788-249-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1696-251-0x0000000000000000-mapping.dmp
memory/4332-252-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1628-254-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/4396-255-0x0000000000000000-mapping.dmp
memory/1696-259-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1292-257-0x0000000000000000-mapping.dmp
memory/3020-260-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1504-261-0x0000000000000000-mapping.dmp
memory/4912-263-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/4396-265-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4032-266-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3324-267-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/4364-269-0x0000000000000000-mapping.dmp
memory/1504-270-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4100-271-0x0000000000000000-mapping.dmp
memory/3992-272-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1336-274-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/4100-277-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2228-278-0x0000000000000000-mapping.dmp
memory/3324-281-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3152-280-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1880-286-0x0000000000000000-mapping.dmp
memory/1496-284-0x0000000000000000-mapping.dmp
memory/3788-287-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/2228-288-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/812-289-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3772-291-0x0000000000000000-mapping.dmp
memory/1696-292-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4396-293-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/812-294-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4812-296-0x0000000000000000-mapping.dmp
memory/1496-295-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/516-298-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/1504-301-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3628-302-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/4248-303-0x0000000000000000-mapping.dmp
memory/4812-305-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3128-306-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/4440-308-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/3324-312-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1296-314-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/4100-311-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3628-315-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\cookies.txt
| MD5 | e9c0017d6df903586aeb449cd6422fd7 |
| SHA1 | e62638187ee9285e945bbb0971a1a89361bf2a4c |
| SHA256 | 9386c1cf90804cc04e7cf0ea90c4ced48c796ee2652756cddaa885e004cc9494 |
| SHA512 | a4cbd71c658283fec23f89f3bede3fae9cc3fceaf230d9dd16593ea64212a538edc969daea51a70dcf4b1fd3a759dfc3e27cd682efd7d867044aa2fd1e7ac43c |
memory/3128-317-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2228-320-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/3696-321-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/4148-322-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/1496-323-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
memory/812-324-0x00007FFCAA860000-0x00007FFCAB321000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-13 19:41
Reported
2022-10-13 19:45
Platform
win7-20220812-en
Max time kernel
123s
Max time network
156s
Command Line
Signatures
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Executes dropped EXE
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef4240f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c5030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d1900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\GATE.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Hellgate.exe
"C:\Users\Admin\AppData\Local\Temp\Hellgate.exe"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1788006722-511198662-265515806-544246569-7423863621813184736-2101715010111338041"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1682113020-1671060950-616534623527804605-506443869666465388-19814812491344188956"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE
"C:\Users\Admin\AppData\Local\Temp\HELLGATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
"C:\Users\Admin\AppData\Local\Temp\GATE.EXE"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3712 -s 1852
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1816 -s 1872
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1524 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 988 -s 1844
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 872 -s 1836
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2084 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1000 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1884 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3200 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1608 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2232 -s 1852
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1028 -s 1848
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 932 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3360 -s 1880
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3504 -s 1868
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1728 -s 1852
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1544 -s 1876
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2160 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2404 -s 1860
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3000 -s 1852
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1684 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1088 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 316 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2792 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1020 -s 1852
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 520 -s 1868
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2036 -s 1864
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1640 -s 1872
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2248 -s 1856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1520 -s 1848
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.139:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| NL | 96.16.53.157:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
Files
memory/1008-54-0x0000000076261000-0x0000000076263000-memory.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/520-56-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1516-58-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1544-62-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/912-64-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1524-67-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/748-69-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1020-72-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/888-74-0x0000000000000000-mapping.dmp
memory/932-77-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1884-79-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1728-82-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1724-84-0x0000000000000000-mapping.dmp
memory/1028-87-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1964-89-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1704-94-0x0000000000000000-mapping.dmp
memory/1640-92-0x0000000000000000-mapping.dmp
memory/872-97-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/956-99-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1644-104-0x0000000000000000-mapping.dmp
memory/2036-102-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1000-107-0x0000000000000000-mapping.dmp
memory/1288-109-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1088-112-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2028-114-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1816-117-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1372-119-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/316-122-0x0000000000000000-mapping.dmp
memory/632-124-0x0000000000000000-mapping.dmp
memory/1640-126-0x00000000001C0000-0x00000000001E0000-memory.dmp
memory/1608-128-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/836-130-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1620-135-0x0000000000000000-mapping.dmp
memory/1684-133-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/988-138-0x0000000000000000-mapping.dmp
memory/552-140-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1776-145-0x0000000000000000-mapping.dmp
memory/1520-143-0x0000000000000000-mapping.dmp
memory/2120-150-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2084-148-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2160-153-0x0000000000000000-mapping.dmp
memory/2196-155-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2272-160-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2232-158-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2436-165-0x0000000000000000-mapping.dmp
memory/2404-163-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2792-168-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2860-170-0x0000000000000000-mapping.dmp
memory/3000-173-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3036-175-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/1884-178-0x0000000000000000-mapping.dmp
memory/2080-180-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/2240-185-0x0000000000000000-mapping.dmp
memory/2248-183-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3236-190-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3200-188-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3408-195-0x0000000000000000-mapping.dmp
memory/3360-193-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3564-200-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3712-203-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3504-198-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
memory/3748-205-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\GATE.EXE
| MD5 | 1fdbfec3f56386b3f45e3676724818ba |
| SHA1 | d295930d5d25c5b8e1968f92016d3aae771303b7 |
| SHA256 | 67dbd4013e250850e4f6a564c601d7ed342f51220378238902b2dcc09bb9b483 |
| SHA512 | 8ba022689896b209be7731e4cc8823e84ee3e4b04d795dd3f2c5a5292a24ca2e56aa78c78cac6ec6e78ca3770dcb891976bf808e752e8cf40803f44a0aa2b114 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 02a0c916f24edd87c7065ac4922b491d |
| SHA1 | 0392141b3583f901ba52d4a4487d54afd8276813 |
| SHA256 | 65cdadfe55823b7bbf33b668be79a029554775f317e717b32fdd9b696ebbd084 |
| SHA512 | 09749785a02672095d9110a01284588b373304a1800662dec11eb09ff63047cfb49c720e04814f6c5ce43bb5dd069468a55a7023e32818f76ca943b728c77904 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 02a0c916f24edd87c7065ac4922b491d |
| SHA1 | 0392141b3583f901ba52d4a4487d54afd8276813 |
| SHA256 | 65cdadfe55823b7bbf33b668be79a029554775f317e717b32fdd9b696ebbd084 |
| SHA512 | 09749785a02672095d9110a01284588b373304a1800662dec11eb09ff63047cfb49c720e04814f6c5ce43bb5dd069468a55a7023e32818f76ca943b728c77904 |
memory/5428-211-0x0000000000000000-mapping.dmp
memory/5420-210-0x0000000000000000-mapping.dmp
memory/5448-212-0x0000000000000000-mapping.dmp
memory/5460-213-0x0000000000000000-mapping.dmp