Analysis Overview
SHA256
4107cc7c0473fe9a9b674c399e7f4e5f319367b61745105ed0a29b1472c50c7a
Threat Level: Known bad
The file 4107cc7c0473fe9a9b674c399e7f4e5f319367b61745105ed0a29b1472c50c7a was found to be: Known bad.
Malicious Activity Summary
r77 rootkit payload
R77 family
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-10 14:27
Signatures
R77 family
r77 rootkit payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2023-08-10 14:27
Reported
2023-08-10 14:30
Platform
win10v2004-20230703-en
Max time kernel
150s
Max time network
138s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flingtrainer.com | udp |
| US | 104.26.0.11:443 | flingtrainer.com | tcp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| NL | 23.222.33.142:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 11.0.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.33.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.109.69.13.in-addr.arpa | udp |
Files
memory/1984-133-0x00007FFF16F10000-0x00007FFF179D1000-memory.dmp
memory/1984-135-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-134-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-136-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-137-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-138-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-139-0x000001EED31E0000-0x000001EED31E8000-memory.dmp
memory/1984-140-0x000001EED3870000-0x000001EED38A8000-memory.dmp
memory/1984-141-0x000001EED3200000-0x000001EED320E000-memory.dmp
memory/1984-154-0x00007FFF16F10000-0x00007FFF179D1000-memory.dmp
memory/1984-155-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-156-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-157-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
memory/1984-158-0x000001EECEDB0000-0x000001EECEDC0000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2023-08-10 14:27
Reported
2023-08-10 14:30
Platform
win7-20230712-en
Max time kernel
150s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com\Total = "200" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "107" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com\Total = "190" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com\Total = "107" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com\Total = "170" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.3dmgame.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.3dmgame.com\ = "44" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\gtimg.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.3dmgame.com\ = "190" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.3dmgame.com\ = "170" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\gtimg.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b14723a8e389564aa88fef2378dcfc6300000000020000000000106600000001000020000000ac364e5f67814741aa75d3bd0b71058d3081d7f5c3bbc6480ad7984ff8977f17000000000e8000000002000020000000c03c7139b12bf4caa2bbc8884aa132cb716ed665106de26a4dac4c4169a85b27200000006c830beaeacdf20e9b28a2049e63938b6547f9236481a63f42a6b9ee72d7d2ea4000000002961ca1e718bb0f64c8674c9ce72f630aecb9ce0eb62af32d8c5954e92cb88c4b79a679cec0da46895178b88be8212b700b11f3759b340efc5b6b218d5519da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "200" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04ddc0397cbd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.3dmgame.com\ = "200" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397839549" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{195F4A91-378A-11EE-BA1B-72E7016CB537} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.3dmgame.com\ = "107" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "44" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\3dmgame.com\Total = "44" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "170" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "190" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2312 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2312 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2312 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2312 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\www.3dmgame.com.url
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.3dmgame.com | udp |
| CN | 180.101.45.57:80 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:80 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| US | 8.8.8.8:53 | dup.baidustatic.com | udp |
| US | 8.8.8.8:53 | yx.3dmgame.com | udp |
| US | 8.8.8.8:53 | img.3dmgame.com | udp |
| US | 8.8.8.8:53 | shop.3dmgame.com | udp |
| US | 8.8.8.8:53 | syimg.3dmgame.com | udp |
| US | 8.8.8.8:53 | olimg.3dmgame.com | udp |
| US | 8.8.8.8:53 | my.3dmgame.com | udp |
| US | 8.8.8.8:53 | ssl.captcha.qq.com | udp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 157.255.220.168:443 | ssl.captcha.qq.com | tcp |
| CN | 157.255.220.168:443 | ssl.captcha.qq.com | tcp |
| CN | 119.188.176.49:443 | dup.baidustatic.com | tcp |
| CN | 119.188.176.49:443 | dup.baidustatic.com | tcp |
| CN | 180.101.45.92:443 | my.3dmgame.com | tcp |
| CN | 180.101.45.92:443 | my.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| NL | 47.246.48.205:80 | ocsp.digicert.cn | tcp |
| NL | 47.246.48.205:80 | ocsp.digicert.cn | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.169:443 | olimg.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 14.29.101.160:443 | olimg.3dmgame.com | tcp |
| CN | 14.29.101.160:443 | olimg.3dmgame.com | tcp |
| US | 8.8.8.8:53 | pos.baidu.com | udp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 182.61.200.109:443 | pos.baidu.com | tcp |
| CN | 182.61.200.109:443 | pos.baidu.com | tcp |
| US | 8.8.8.8:53 | wn.pos.baidu.com | udp |
| US | 8.8.8.8:53 | unmc.cdn.bcebos.com | udp |
| CN | 182.61.62.32:443 | wn.pos.baidu.com | tcp |
| CN | 182.61.62.32:443 | wn.pos.baidu.com | tcp |
| CN | 182.61.62.32:443 | wn.pos.baidu.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 106.225.194.38:443 | unmc.cdn.bcebos.com | tcp |
| CN | 106.225.194.38:443 | unmc.cdn.bcebos.com | tcp |
| CN | 106.225.194.38:443 | unmc.cdn.bcebos.com | tcp |
| CN | 106.225.194.38:443 | unmc.cdn.bcebos.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| CN | 106.225.194.38:443 | unmc.cdn.bcebos.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| US | 8.8.8.8:53 | eclick.baidu.com | udp |
| US | 8.8.8.8:53 | ocsp.sectigochina.com | udp |
| US | 8.8.8.8:53 | ocsp.sectigochina.com | udp |
| US | 8.8.8.8:53 | ocsp.sectigochina.com | udp |
| CN | 111.206.208.190:443 | eclick.baidu.com | tcp |
| CN | 111.206.208.190:443 | eclick.baidu.com | tcp |
| US | 104.18.8.141:80 | ocsp.sectigochina.com | tcp |
| US | 104.18.8.141:80 | ocsp.sectigochina.com | tcp |
| US | 104.18.8.141:80 | ocsp.sectigochina.com | tcp |
| CN | 14.29.101.168:443 | olimg.3dmgame.com | tcp |
| US | 8.8.8.8:53 | captcha.gtimg.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| HK | 103.235.46.191:443 | hm.baidu.com | tcp |
| HK | 103.235.46.191:443 | hm.baidu.com | tcp |
| CN | 180.101.45.57:443 | www.3dmgame.com | tcp |
| NL | 43.152.42.232:443 | captcha.gtimg.com | tcp |
| NL | 43.152.42.232:443 | captcha.gtimg.com | tcp |
| US | 8.8.8.8:53 | tam.cdn-go.cn | udp |
| SG | 203.205.155.69:443 | tam.cdn-go.cn | tcp |
| SG | 203.205.155.69:443 | tam.cdn-go.cn | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 183.136.140.24:443 | img.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| US | 8.8.8.8:53 | syly.3dmgame.com | udp |
| US | 8.8.8.8:53 | tj.shwswl.cn | udp |
| CN | 14.29.101.160:443 | tj.shwswl.cn | tcp |
| CN | 14.29.101.160:443 | tj.shwswl.cn | tcp |
| CN | 14.29.101.160:443 | tj.shwswl.cn | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 43.248.191.98:443 | shop.3dmgame.com | tcp |
| CN | 14.29.101.160:443 | tj.shwswl.cn | tcp |
| CN | 14.29.101.160:443 | tj.shwswl.cn | tcp |
| CN | 180.101.45.243:443 | yx.3dmgame.com | tcp |
| CN | 14.29.101.168:443 | tj.shwswl.cn | tcp |
| CN | 14.29.101.168:443 | tj.shwswl.cn | tcp |
| CN | 111.206.208.190:443 | eclick.baidu.com | tcp |
| CN | 111.206.208.190:443 | eclick.baidu.com | tcp |
| CN | 111.206.208.190:443 | eclick.baidu.com | tcp |
| CN | 111.206.208.190:443 | eclick.baidu.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CN | 14.29.101.168:443 | tj.shwswl.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1744-54-0x00000000001C0000-0x00000000001D0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26DFEA863B576461CB57142C94618B19
| MD5 | ec71bedd30e901730acf3fdecb9cd111 |
| SHA1 | d7ee2bbf780746b052da5a9f913661911e696b89 |
| SHA256 | 30d94f48d7d16195756073d73b2958033ae5fc85631f94ca8e64e22b44faac2d |
| SHA512 | 15bc50313b46da084528a588e281d3641381dfc34dc30a5ed12589cdfd460c62221ecebf4ac300da0d4880f385918f5a27e763e16da69955b1ec5bb8ac37f372 |
C:\Users\Admin\AppData\Local\Temp\CabDAB7.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 570ad449724fac42cc43e003f5cd6b27 |
| SHA1 | 410e34bc569ab01926fb901a40c7823f8e7cb84c |
| SHA256 | 1f74088684f58b3f0c40d9628d0710277277dbae574d7841acb0c09a4b78988f |
| SHA512 | 4597fb49c8525d6385e8e75ac24b4a644f1ab685bd0885a85355482efa0adfa6146a9833a7d1865e9a3fb2dc24e744d4a0b85d2e1c17df486b30cf91612b22fb |
C:\Users\Admin\AppData\Local\Temp\TarDAE9.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1YVF44Q\se[1].gif
| MD5 | ad4b0f606e0f8465bc4c4c170b37e1a3 |
| SHA1 | 50b30fd5f87c85fe5cba2635cb83316ca71250d7 |
| SHA256 | cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda |
| SHA512 | ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19SSI8KP\www.3dmgame[1].xml
| MD5 | 0e742677405855e56285e58f860b886d |
| SHA1 | 54c240cf9716d51d81463775a18f069baf34bf2c |
| SHA256 | 0b06a2213c2adc385c99fb954936c710fa2c94febcd9d7b07b3cfe438a2f034f |
| SHA512 | a476bdc3bcbce1332af7f25420fdff6fdfcf3412c81ff6532cebfa109c10419283ed236290e7c653c0afc6959abdec539ddc2550226a17330028fc051f93bf46 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19SSI8KP\www.3dmgame[1].xml
| MD5 | 1366024ed2fb343a5fc7251036ca8f1e |
| SHA1 | 66e1d29219166e696b82fcc9517829078b9098bb |
| SHA256 | a4ea420c674d86205b13943cf92440aedc39d50eac28dbe08020e226a1c84798 |
| SHA512 | 901da423de35eb6f0a59939bd17b6a06a8927d1dc72b64da2e71cbba14103fb0c27635c3a2058d92c421c169b12dca2a6499eadb54a2e0e662abbec346f82421 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1YVF44Q\favicon[2].ico
| MD5 | b62511a2f7a054b05f7cc6b3d5a45a3c |
| SHA1 | 5e9421f05125cbb7fe90e80940ec370a392534f9 |
| SHA256 | 4f426cd2a3826f5cdd4ba3dcfd90c66ef2742ac2281ae5a067f74fe4db9634d1 |
| SHA512 | 3b40a15873b60667b25e4beecd62a9fce66937ee17be4b1af65ce08da5c800bab503e81edc28cf1e2953151343102b22aa13c4ce0d4768604cbdb93567ac0fbe |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\uns8mem\imagestore.dat
| MD5 | c5668a2ac2403fa012cfc6c83f37980f |
| SHA1 | 24af51329d00de917dd7d6f96ca41ef340ed99f4 |
| SHA256 | c0a4ee69f6540181a7e9a50fd1b4ae0bc816e0dd6db726f38a016a6f739788b7 |
| SHA512 | 50f3b8a285d61db9f637609dc833e5e6efcbe182b3083eb83d1e6636a09538ad96cdb7ce670fae73f891ecee521860c3f31b1da238d46a85f12fa29000528537 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24ad7b2064294dc489491ef1da3e4661 |
| SHA1 | f144798af6ac286796711299e14f8fd3c6f2d243 |
| SHA256 | 526a68278aa48c0e8a0b8f823ab56e70820586db2276d1f0c0efe19f2fca632a |
| SHA512 | 48ac325407bdce34ae4ca8ca5fa8b29f83f45f756a3363690e70bd192cabd064c4124403a2eda31bb57c981e6404fd53c33d2724588d206aeba2c58574fa3740 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 214c0a308a9b6e648557eddf15ce28f2 |
| SHA1 | e62d01d248f676f895db81ebb595ec139dc37b6c |
| SHA256 | 9d9b20d3117edfde49847fcd3d2f486990f15e722a7b7672eda0315a56075722 |
| SHA512 | deda64978573bca7622ce7c8d688c7676d7da423316e2d7dd66fe7c80439fe9be9efa05e8ff5be6f8922d7f1d486ac019df6b282bda23ca1b622303c4a9c5442 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 333968eb5b116c5c4348b1f6feb60cc0 |
| SHA1 | 5701ac7f5698cc11986b05d1d4f96f7d36c72c69 |
| SHA256 | 298d089e446bab28d139ee55b25b20e5114845d365637913cb4fade52397641c |
| SHA512 | 90a7cccb117709436cd1ebd70be799f786c0ab804fce781b68d076a4789178fc02265647c97eb3f3dede2bc4b6fdf4deff52b490af5cb7f015b9e91028f0fa7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
Analysis: behavioral6
Detonation Overview
Submitted
2023-08-10 14:27
Reported
2023-08-10 14:30
Platform
win10v2004-20230703-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\www.3dmgame.com.url
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.3dmgame.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0b2546f8,0x7ffb0b254708,0x7ffb0b254718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1915258349770911433,8848219435791182478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-10 14:27
Reported
2023-08-10 14:30
Platform
win7-20230712-en
Max time kernel
120s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\2023年全部热门单机游戏及汉化下载.url
Network
Files
memory/2212-54-0x00000000005C0000-0x00000000005C1000-memory.dmp
memory/2212-55-0x00000000005C0000-0x00000000005C1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-10 14:27
Reported
2023-08-10 14:30
Platform
win10v2004-20230703-en
Max time kernel
116s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\2023年全部热门单机游戏及汉化下载.url
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2023-08-10 14:27
Reported
2023-08-10 14:30
Platform
win7-20230712-en
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (certificate blob omitted) | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (certificate blob omitted) | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (certificate blob omitted) | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (certificate blob omitted) | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Baldurs Gate 3 v4.1.1 Plus 14 Trainer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | flingtrainer.com | udp |
| US | 172.67.72.29:443 | flingtrainer.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 172.67.72.29:443 | flingtrainer.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| NL | 23.222.33.142:80 | x2.c.lencr.org | tcp |
| NL | 23.222.33.142:80 | x2.c.lencr.org | tcp |
Files
memory/3056-54-0x00000000003D0000-0x0000000000404000-memory.dmp
memory/3056-55-0x00000000003D0000-0x0000000000404000-memory.dmp
memory/3056-56-0x000007FEF53A0000-0x000007FEF5D8C000-memory.dmp
memory/3056-57-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-58-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-59-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-60-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-61-0x0000000002180000-0x000000000218A000-memory.dmp
memory/3056-62-0x0000000002180000-0x000000000218A000-memory.dmp
memory/3056-63-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-67-0x000000001AFC0000-0x000000001B040000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab85D5.tmp
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar872F.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e66108a9d12d0d183fae84cae18a0f42 |
| SHA1 | 994ab08d648a380c71c882ba849dddeb7b577b5a |
| SHA256 | a5bcc600bc96bd2e1755d13cc2a28c1bd0cf27da4eabb19e50c39049f1114386 |
| SHA512 | 6f0d7756030e87852b5f7f89efb1c394596555f84a6a5caf5816dc791390e5fd01d972dd118cb1711d4634e688ae62a514c1dba16e4a4bf4e4a77b74577659f5 |
memory/3056-112-0x000007FEF53A0000-0x000007FEF5D8C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb4e694ab7493710827f3014b37d9860 |
| SHA1 | f3c8e395119f8f80ed411c59315a91617c2bf89a |
| SHA256 | 53d897185ac11e9171fab6c73afdde38e497a45baf5b74daaac764062fede8d3 |
| SHA512 | 288e75869f047320757f09cbc6b7357f0b193dc7d85a600e5bb0fbc1b77d3424b48fa76e4d2679aa5c4eb7f4b9161089f73ec0882161586b141807411d4abe53 |
memory/3056-180-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-181-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-182-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-183-0x000000001AFC0000-0x000000001B040000-memory.dmp
memory/3056-184-0x0000000002180000-0x000000000218A000-memory.dmp
memory/3056-185-0x0000000002180000-0x000000000218A000-memory.dmp
memory/3056-186-0x000000001AFC0000-0x000000001B040000-memory.dmp