Malware Analysis Report

2025-01-22 09:09

Sample ID 240521-jz19qsea41
Target Solara_Installer.exe
SHA256 4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7
Tags redline 6077866846_99 infostealer spyware
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7

Threat Level: Known bad

The file Solara_Installer.exe was found to be: Known bad.

Malicious Activity Summary

redline 6077866846_99 infostealer spyware

RedLine

RedLine payload

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Enumerates physical storage devices

Program crash

Unsigned PE

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 08:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 08:07

Reported

2024-05-21 08:10

Platform

win7-20240419-en

Max time kernel

119s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 992 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe 7
PID 2252 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Windows\SysWOW64\WerFault.exe 4

Processes

C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 1216

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

MD5 37bc047d9f37569f50f4aedb0ff0d94d
SHA1 d07ddc3ac079ba9a032690dbfb29adf899fbadba
SHA256 b3f2737789b0494df00b6e1cb873bf4da77783b64632ce355fdeea3ea00e1edb
SHA512 bc05c041014ac97e5f3ad6b1e58679621ca00778b9b308d17846d1cdd7210f34c473f772d96e60ddeff248c1c80abfe9677e0460ea3ecbd1722f96584daf0827

memory/2252-18-0x0000000073A1E000-0x0000000073A1F000-memory.dmp

memory/2252-19-0x0000000000130000-0x000000000015C000-memory.dmp

memory/2252-20-0x0000000073A10000-0x00000000740FE000-memory.dmp

memory/2252-26-0x0000000073A1E000-0x0000000073A1F000-memory.dmp

memory/2252-27-0x0000000073A10000-0x00000000740FE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-21 08:07

Reported

2024-05-21 08:10

Platform

win10v2004-20240426-en

Max time kernel

90s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe"

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target Count
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A 33
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe N/A 1

Executes dropped EXE

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A 32
N/A N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe N/A 32

Loads dropped DLL

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe N/A 33

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target Count
N/A raw.githubusercontent.com N/A N/A 35
N/A pastebin.com N/A N/A 29

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3648 set thread context of 4640 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5000 set thread context of 1228 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 4664 set thread context of 2996 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 3696 set thread context of 1988 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1592 set thread context of 4032 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 3864 set thread context of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5072 set thread context of 3244 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 3616 set thread context of 4468 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 4812 set thread context of 388 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2792 set thread context of 2868 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 4964 set thread context of 2080 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 4936 set thread context of 5200 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5324 set thread context of 5464 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5596 set thread context of 5732 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5864 set thread context of 6004 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2664 set thread context of 2712 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5456 set thread context of 3964 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5716 set thread context of 5840 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5704 set thread context of 4272 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1124 set thread context of 5128 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5476 set thread context of 5240 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 6104 set thread context of 2920 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5844 set thread context of 3544 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 4188 set thread context of 3696 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5564 set thread context of 768 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5988 set thread context of 5972 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 3880 set thread context of 5720 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5328 set thread context of 3724 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5652 set thread context of 1720 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 5084 set thread context of 5132 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 6140 set thread context of 924 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2488 set thread context of 5152 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2732 set thread context of 6200 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A 64

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A 26
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A 24
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A 1
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A 1
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A 1
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (row repeated 64 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (row repeated 64 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3956 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe (row repeated 3 times)
PID 4500 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\cfg.exe (row repeated 3 times)
PID 4500 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe (row repeated 3 times)
PID 3648 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe (row repeated 8 times)
PID 2712 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\cfg.exe (row repeated 3 times)
PID 2712 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe (row repeated 3 times)
PID 5000 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe (row repeated 8 times)
PID 3616 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\cfg.exe (row repeated 3 times)
PID 3616 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe (row repeated 3 times)
PID 4664 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe (row repeated 8 times)
PID 3060 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\cfg.exe (row repeated 3 times)
PID 3060 wrote to memory of 1160 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe (row repeated 3 times)
PID 3696 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\cfg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe (row repeated 8 times)
PID 1160 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\cfg.exe (row repeated 3 times)
PID 1160 wrote to memory of 3692 N/A C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe (row repeated 2 times)

Processes

C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe

"C:\Users\Admin\AppData\Local\Temp\Solara_Installer.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Users\Admin\AppData\Local\Temp\cfg.exe

"C:\Users\Admin\AppData\Local\Temp\cfg.exe"

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"

Network


Files

C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe

MD5 37bc047d9f37569f50f4aedb0ff0d94d
SHA1 d07ddc3ac079ba9a032690dbfb29adf899fbadba
SHA256 b3f2737789b0494df00b6e1cb873bf4da77783b64632ce355fdeea3ea00e1edb
SHA512 bc05c041014ac97e5f3ad6b1e58679621ca00778b9b308d17846d1cdd7210f34c473f772d96e60ddeff248c1c80abfe9677e0460ea3ecbd1722f96584daf0827

C:\Users\Admin\AppData\Local\Temp\cfg.exe

MD5 895493b29ce20d3e815e7eeef837bdb2
SHA1 2a9f87129eb0f19d1f1a23926e5d5607b5008603
SHA256 05fc0e79339dd99b39c7fee80a82d08678129afb565d6a3b7e0a2676efe36cf6
SHA512 b9eb37d1ac60831be0ece8e68b2927e4958517982616a09a406ddbd954caf50e0b5d8f03b1bdbebb677e2c410e51a6e34d3b86f03071f941fa4db00e5eea7fb0

C:\Users\Admin\AppData\Roaming\d3d9.dll

MD5 d0ee302b8b8e2835ada5d498760330cd
SHA1 a6c3e7153d30fc938a0fe2e87428ed84b31900aa
SHA256 da12294d6cedf6f80f20eb0076f6d9986b05b1cdb3f177a8af02e5d5065e892c
SHA512 dbe8d96d9c51cab18a0f6ffc26d2f4787b1d6590fd3f1657182e60f046c3bda7082fdff0fff166a085632c81c5321dccbc3c7ffb36785e98f79823546736e8f2

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bloxstrap-v2.5.4.exe.log

MD5 e3152798ee190e4fc7411c64955c7eed
SHA1 5e6ceb9361df35a5a0fac32b604d3fdd9f65c650
SHA256 bd13a78aa4b2084742da4adf1f239308081ec9f6e47c8ffb070c4a2c0d39a569
SHA512 bdee879b69e620c7927caee863cb7f93fdfad14236b667aef59e1f1c01550fe6d09940ef36961014e8426b8accd91b8ab0c1ff72e492cc745525a652a8833758

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\cfg.exe.log

MD5 84cfdb4b995b1dbf543b26b86c863adc
SHA1 d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256 d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

MD5 1278d745f1c4f9c5b3c7e853e93def84
SHA1 4d1b7b8d4a18b5645f27d543beeadb6a03cbb62b
SHA256 7b0de8809e4a3d06612d1c686aa92c724a069fc08819def615bfc619725bdc89
SHA512 0155b3e1f6ef4c42527981e42944b868490e2fa94568154361db6cabff02aa68a895f104ee4e0b8c4a061090a2056ec42492f705695757535af61fc2d7dfd0d9
