Malware Analysis Report

2025-08-05 16:59

Sample ID 240108-d9k3lsbee7
Target 4a5881510b389c117ceefd6ebd7ac781
SHA256 e24e506c5f0e94aff89f5623a3d948aaaf9a1a511656793dc9937cfe04e36ba1
Tags: adware discovery persistence spyware stealer
Score: 7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file 4a5881510b389c117ceefd6ebd7ac781 was found to show suspicious behavior.

Malicious Activity Summary

adware discovery persistence spyware stealer

Registers COM server for autorun

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Installs/modifies Browser Helper Object

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-01-08 03:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-08 03:42

Reported: 2024-01-08 03:45

Platform: win7-20231215-en

Max time kernel: 118s

Max time network: 120s

Command Line

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe N/A
N/A N/A C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe N/A
N/A N/A C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_CLASSES\Wow6432Node\CLSID\{e7472076-ff9d-4325-8eaf-613572008758}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_CLASSES\Wow6432Node\CLSID\{e7472076-ff9d-4325-8eaf-613572008758}\InprocServer32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\v4SrcAs.dll" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_CLASSES\Wow6432Node\CLSID\{e7472076-ff9d-4325-8eaf-613572008758}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Search Scope Monitor = "\"C:\\PROGRA~2\\DICTIO~1\\bar\\1.bin\\v4srchmn.exe\" /m=2 /w /h" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Browser Plugin Loader = "C:\\PROGRA~2\\DICTIO~1\\bar\\1.bin\\v4brmon.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{58376892-60e7-4f63-aca0-0f686af554d6} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{58376892-60e7-4f63-aca0-0f686af554d6}\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6eb534fb-2001-45c4-b860-bc904865a379} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6eb534fb-2001-45c4-b860-bc904865a379}\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58376892-60e7-4f63-aca0-0f686af554d6} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{58376892-60e7-4f63-aca0-0f686af554d6} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4httpct.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4tpinst.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files\Internet Explorer\msimg32.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regiet.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\IE9Mesg\COMMON.T8S C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\Settings\s_pid.dat C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\T8RES.DLL C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files\Internet Explorer\ieuser.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dyn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regiet.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4impipe.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4uabtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4sknlcr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\INSTALL.RDF C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4medint.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regfft.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skplay.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\installKeys.js C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\CHROME.MANIFEST C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4ieovr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4httpct.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4script.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\Message\COMMON.T8S C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome\v4ffxtbr.jar C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\gen1\COMMON.T8S C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4medint.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4Plugin.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skin.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skplay.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4msg.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4sknlcr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{e7472076-ff9d-4325-8eaf-613572008758} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}\AppName = "v4SkPlay.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}\AppName = "v4impipe.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}\AppName = "v4SlSrch.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}\AppName = "v4SrchMn.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3042df7a-e900-4389-9b94-923df0daa57e} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}\AppName = "v4medint.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\UrlSearchHooks C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2c72f7a5-8160-4024-94d8-e0995d547bb0}\InprocServer32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\v4dyn.dll" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.MultipleButton\CurVer C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5b610696-32b6-416c-bf5c-ca4f60a345dd}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.UrlAlertButton.1 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D1479029-BACC-4C9A-8C15-D857A2974E27}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED49DF44-2DC8-4CFC-8510-DAF4DFCC5F40}\TypeLib\ = "{696D3B4F-71EF-41CC-96FF-342317E644DE}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.ScriptButton\CLSID C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5b610696-32b6-416c-bf5c-ca4f60a345dd}\MiscStatus\1\ = "131473" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5b610696-32b6-416c-bf5c-ca4f60a345dd}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED49DF44-2DC8-4CFC-8510-DAF4DFCC5F40}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BD5AE73-FDA3-469B-9358-D4EDA7123370}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.Radio.1\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BECF6AB-82E3-4E58-9E73-78565FFE5C05}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9D14CAF3-88C2-4C9A-AE73-FE77C2A5697D}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A44A538-73FC-4D86-83DB-68ACE71E5FE8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{696D3B4F-71EF-41CC-96FF-342317E644DE}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DDD8F3F-3774-484C-938C-4D9AB3A5F575}\TypeLib\ = "{4DE8B15E-E379-482A-81C5-CD99EB8CEF40}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2c72f7a5-8160-4024-94d8-e0995d547bb0}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9378167C-FAC6-4DFB-BD4F-F7C195D2B1E4}\1.0\0\win32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\t8res.dll\\1506" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{b4ea8204-ee81-4f73-a240-ec4aeb8ad3de}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e001b32e-5acb-4cce-9910-2d379ce0a6d6}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E79601CE-6CB5-4A4C-A643-A9FEC2C136F5}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9A402FD-82C8-4743-991E-BC77E62DA0E5}\ProgID\ = "DictionaryBoss.HTMLMenu.1" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0270C2C5-40BD-4CFF-B0DF-79AD2E283AD3}\TypeLib\ = "{696D3B4F-71EF-41CC-96FF-342317E644DE}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE9F4D06-3A23-4F1A-902F-D9E113793576}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7448C04F-A2EC-43F8-B42C-49001A49A199}\ = "SKINWINDOW_INTERFACE" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\MiscStatus C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{eb2049f6-9dfa-4e51-b2a1-fc5a6e596c80}\ProgID\ = "DictionaryBoss.HTMLPanel.1" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FE17CD12-2988-47B4-86E3-640288DE42CB}\ = "IHttpControlEvents" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A525B28E-04EE-455F-8C17-3A0273EBEA2C}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{934894D3-9DF1-4063-BE0B-4246762A87D8}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{715321aa-a1fc-4058-8ffa-668d687b6e32}\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{715321aa-a1fc-4058-8ffa-668d687b6e32}\ProgID\ = "DictionaryBoss.Radio.1" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82481cff-738f-4410-bffb-77595d5d9faa}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SkinLauncherSettings C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{08855E67-37D6-48CC-B59E-A010D658A7BB}\TypeLib\ = "{6C367B45-0824-419A-AF7F-157665B56ABA}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{19C920DF-88F9-44F8-A17E-A35A12D60525} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{317D0A60-985E-4C4D-BA9B-8D1026665EA9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{488c2712-1482-42ad-bc4d-681e5832f0c2}\TypeLib\ = "{d1479029-bacc-4c9a-8c15-d857a2974e27}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{eb2049f6-9dfa-4e51-b2a1-fc5a6e596c80}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BECF6AB-82E3-4E58-9E73-78565FFE5C05}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9378167C-FAC6-4DFB-BD4F-F7C195D2B1E4}\1.0 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{806AADCB-C4D7-4545-954B-5E6C2952CE79}\ = "POPUPMENU_INTERFACE" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{715321aa-a1fc-4058-8ffa-668d687b6e32}\ProgID C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D43161C-85D1-460D-B835-342DEABD978D}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.XMLSessionPlugin\CLSID\ = "{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BD5AE73-FDA3-469B-9358-D4EDA7123370}\ = "ITemplateXMLElement" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8C0CFCBE-D7E4-4778-8BFD-3A8D8B5A9CCD}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73a7cce6-ff3a-4c7f-9a3e-db9bd92be292}\Control C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{da08805b-ba32-426b-ad14-ecac8235a8aa}\Programmable C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73a7cce6-ff3a-4c7f-9a3e-db9bd92be292}\InprocServer32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\v4skin.dll" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{696D3B4F-71EF-41CC-96FF-342317E644DE}\1.0 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A436C6EC-9040-4322-AB62-BDB9E81E2F6C}\1.0\0\win32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\t8res.dll\\405" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806AADCB-C4D7-4545-954B-5E6C2952CE79}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SettingsPlugin\CurVer\ = "DictionaryBoss.SettingsPlugin.1" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2499090-ACE6-48A0-ADD9-19FF13B69657}\1.0\ = "TEMPLATEHTMLMenuLib" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe N/A
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1848 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE
PID 1948 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe
PID 1948 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
PID 1948 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
PID 1948 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe
PID 1948 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe

Processes

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe

"C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe" v4tpinst.dll,#5

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe"

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -install

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -remove

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe" /m=2 /w /h /r

C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE

"C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE" /p=XQ/n="DictionaryBoss"

C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe

"C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\T8SETUP.EX_

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1948-155-0x00000000033F0000-0x000000000349B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-08 03:42

Reported

2024-01-08 03:45

Platform

win10v2004-20231222-en

Max time kernel

0s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe"

Signatures

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Search Scope Monitor = "\"C:\\PROGRA~2\\DICTIO~1\\bar\\1.bin\\v4srchmn.exe\" /m=2 /w /h" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Browser Plugin Loader = "C:\\PROGRA~2\\DICTIO~1\\bar\\1.bin\\v4brmon.exe" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4uabtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skplay.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\CHROME.MANIFEST C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regfft.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4uabtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files\Internet Explorer\msimg32.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skplay.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4impipe.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\INSTALL.RDF C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4impipe.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4sknlcr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4Plugin.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4Plugin.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\T8RES.DLL C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4hkstub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4medint.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skin.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4hkstub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skin.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4sknlcr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\T8RES.DLL C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4tpinst.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4medint.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4msg.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4msg.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regfft.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dyn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regiet.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4script.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4ieovr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File created C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4ieovr.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
File opened for modification C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regiet.dll C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\0\win32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\t8res.dll\\626" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\ = "ITemplateBarControl" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\VersionIndependentProgID\ = "DictionaryBoss.SettingsPlugin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SettingsPlugin.1\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\Version C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SettingsPlugin\CLSID C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}\ = "ITemplateBarMenu" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\MiscStatus\1\ = "131473" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\Version\ = "1.0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\ = "SEARCHSCOPE_INTERFACE" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3042df7a-e900-4389-9b94-923df0daa57e}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ = "ITemplateBarButtonRect" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\TypeLib C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{476C9DB6-2846-4507-A4FC-B95B9D84637C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\0 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\TypeLib\ = "{1a033ae8-0d4d-4ec8-a4a9-47bbe0b6489b}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SettingsPlugin\ C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SettingsPlugin\CurVer C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ = "ITemplateBarButtonRect" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}" C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3042df7a-e900-4389-9b94-923df0daa57e} C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1964 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE
PID 1568 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe
PID 1568 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
PID 1568 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe

"C:\Users\Admin\AppData\Local\Temp\4a5881510b389c117ceefd6ebd7ac781.exe"

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -install

C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe

"C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe" v4tpinst.dll,#5

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe"

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -remove

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe

"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe" /m=2 /w /h /r

C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE

"C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE" /p=XQ/n="DictionaryBoss"

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
GB 96.17.178.176:80 tcp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 178.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 211.135.221.88.in-addr.arpa udp

Files

memory/1568-177-0x00000000034B0000-0x000000000355B000-memory.dmp