Malware Analysis Report

2024-09-22 15:16

Sample ID: 240529-sp1pwsba69
Target: 2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot
SHA256: 7123f88b0143e0d6e445d0f9b3fe68150622b151b2dc0802676fd886bb7f4391
Tags: gh0strat purplefox persistence rat rootkit trojan upx
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 7123f88b0143e0d6e445d0f9b3fe68150622b151b2dc0802676fd886bb7f4391

Threat Level: Known bad

The file 2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot was found to be: Known bad.

Malicious Activity Summary

gh0strat purplefox persistence rat rootkit trojan upx

Gh0st RAT payload

Gh0strat

PurpleFox

Detect PurpleFox Rootkit

UPX dump on OEP (original entry point)

Sets service image path in registry

Drops file in Drivers directory

UPX packed file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Runs ping.exe

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-05-29 15:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-29 15:18
Reported: 2024-05-29 15:21
Platform: win7-20240508-en
Max time kernel: 110s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe"

Signatures

Detect PurpleFox Rootkit

rootkit
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Gh0st RAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Gh0strat

rat gh0strat

PurpleFox

rootkit trojan purplefox

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\drivers\QAssist.sys | C:\Windows\SysWOW64\TXPlatforn.exe | N/A

Sets service image path in registry

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" | C:\Windows\SysWOW64\TXPlatforn.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RVN.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\TXPlatforn.exe | C:\Users\Admin\AppData\Local\Temp\RVN.exe | N/A
File opened for modification | C:\Windows\SysWOW64\TXPlatforn.exe | C:\Users\Admin\AppData\Local\Temp\RVN.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
File created | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A

Modifies system certificate store

evasion spyware trojan
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [blob data removed] | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [blob data removed] | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [blob data removed] | C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe | N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RVN.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\TXPlatforn.exe | N/A
Token: 33 | N/A | C:\Windows\SysWOW64\TXPlatforn.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\TXPlatforn.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2036 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\RVN.exe
PID 1736 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\RVN.exe C:\Windows\SysWOW64\cmd.exe
PID 2480 wrote to memory of 2712 N/A C:\Windows\SysWOW64\TXPlatforn.exe C:\Windows\SysWOW64\TXPlatforn.exe
PID 2036 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe
PID 2648 wrote to memory of 2688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2660 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe
PID 1700 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
PID 1268 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
PID 1268 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe"

C:\Users\Admin\AppData\Local\Temp\RVN.exe

C:\Users\Admin\AppData\Local\Temp\\RVN.exe

C:\Windows\SysWOW64\TXPlatforn.exe

C:\Windows\SysWOW64\TXPlatforn.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\RVN.exe > nul

C:\Windows\SysWOW64\TXPlatforn.exe

C:\Windows\SysWOW64\TXPlatforn.exe -acsi

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1700" "-buildid=1716584667" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1716584667 --initial-client-data=0x228,0x22c,0x230,0x1fc,0x234,0x7fef64eee38,0x7fef64eee48,0x7fef64eee58

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1092 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=620 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1604 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1652 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1416 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2384 --field-trial-handle=1184,i,246115724486181146,9531439815177079255,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1700" "-buildid=1716584667" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write --disablehighdpi "--force-device-scale-factor=1" "--device-scale-factor=1" "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1716584667 --initial-client-data=0x228,0x22c,0x230,0x1fc,0x234,0x7fef63cee38,0x7fef63cee48,0x7fef63cee58

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1132 --field-trial-handle=1184,i,6202109372204927800,12398157804542899977,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1508 --field-trial-handle=1184,i,6202109372204927800,12398157804542899977,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1464 --field-trial-handle=1184,i,6202109372204927800,12398157804542899977,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1212 --field-trial-handle=1184,i,6202109372204927800,12398157804542899977,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1836 --field-trial-handle=1184,i,6202109372204927800,12398157804542899977,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --force-device-scale-factor=1 --disablehighdpi --buildid=1716584667 --steamid=0 --first-renderer-process --force-device-scale-factor=1 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2216 --field-trial-handle=1184,i,6202109372204927800,12398157804542899977,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 2496

Network

Country Destination Domain Proto
US 8.8.8.8:53 hackerinvasion.f3322.net udp
US 8.8.8.8:53 cdn.steamstatic.com udp
BE 2.17.107.136:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
BE 2.17.107.202:80 test.steampowered.com tcp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
GB 162.254.196.84:27017 udp
GB 162.254.196.68:27018 udp
FR 185.25.182.20:27018 udp
FR 185.25.182.20:27017 udp
NL 155.133.248.38:27017 udp
US 162.254.192.71:27018 udp
US 162.254.192.87:27018 udp
US 162.254.192.75:27018 udp
N/A 127.0.0.1:61731 tcp
N/A 127.0.0.1:61730 tcp

Files

\Users\Admin\AppData\Local\Temp\RVN.exe

MD5 80ade1893dec9cab7f2e63538a464fcc
SHA1 c06614da33a65eddb506db00a124a3fc3f5be02e
SHA256 57a920389c044e3f5cf93dabff67070b4511e79779b6f874e08f92d8b0d7afbd
SHA512 fffd4f3fccb5301b3c7a5b3bd92747f31549fbd9d0803fe5d502d1bb0ef979140988718c2ee1406ed3e755790d275185e120a56cbcb5ed2eadf62b5cdbfc4cc4

memory/1736-5-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1736-7-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1736-12-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1736-8-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2480-18-0x0000000010000000-0x00000000101B6000-memory.dmp

\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

MD5 0f433ee9a006400416679cf6e5a510c5
SHA1 558403043f0288aba3d9a43e9dfa7e109bc0b31a
SHA256 88eb0e145502e84cfb242b4733eeecbda53f78e33fe748f3c0e1fb14edbd7cd4
SHA512 82048118e7b816ffe9dd0ce114b0fda049345e9d27ab64b1c7a2efb4edb2d08775379ad6678c5a6a77fbfa91d8969e8642460f62b5cded32a704ab238a010ba3

memory/2480-24-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2712-32-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2712-34-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2712-38-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_X.dat

MD5 2fb5e96a5debe6ede912aee81f069724
SHA1 715c54f319ee8776df94bb83493c7a8a662433b7
SHA256 df31961681b7f047f7d344214c752cd9119cefd06e357f3c66cce3c1aa6ff6ed
SHA512 cb59580f9340a74a566ae8e8c394ed053925d46a2fd407edb6ea48fb62e7a80a9e17a939f7233123c9cba455984c45fd29e423b4ee515d7563572c2e9c3fddb4

memory/2712-72-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

MD5 1e43660c044fde808e01631b30cb7849
SHA1 ab1d440ee2831059d65afd70bddd4e42e0d1812f
SHA256 5ecd467c9726fb131e78fd090a1ff8c78363a623e30cbb7bd75f9f2446d81c3b
SHA512 56f95c42d76e8c4ba08477a786516f148cdc96d387c4de66f80ce2af87b3522eea7ac73ac04e6322938fec6b4cdf8c540e8b3c155ad5a62385143faef9b275ef

C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

MD5 93e69eae544858aa33c9c1f6d48c4a8b
SHA1 f8b18435ceaad470bd809f02ac2934a5926e6adf
SHA256 7c569ccef088133b444f049ae07a8b9e6bdb78ef1b00ccfc6eacbf7b23619b3c
SHA512 cc4256ea641a41c31bce7ff19d4a5dc50a3a123cd039dba85b70549dcfdd9798024a258dab1be734165a89fcd24792d623f064ed4a639567f68b57b864d2be8b

C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

MD5 9667216fc56106299cfe0474afdeaf39
SHA1 38b0768abfcd617bd8db59431a9525d789c84f83
SHA256 b056457b66dea391772a655ba03871180160314df68768f43b21c3cedf9d19ed
SHA512 a3c02500299e433ada5de7cc12bb05ee6b947ce363d355bb074a5525c68ccf0ccf46b5732262bb56e88f4dc2a0e32d4d577858c48a742a63745be8c3f018bba1

C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

MD5 865b0d09e12ccc72c06440d5aa8b2f6c
SHA1 ba7bf6caea467e99f5690d9b9ad97dfedfba97d8
SHA256 6ace889f5d60f104ef46ca01a2e0fa56f41311bd62fdf2a43ce68fdaff3b0671
SHA512 ea937159c938697b5d38c19f6ca50eda9a2029a064e8fd38f5c98c0e222f3c20c55d740f7fd99d1809db00742790b369dd190b808d73e7ade755ff96414e5f2a

C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

MD5 47b4cda4eca080f606db46825e5874c2
SHA1 c16b5f6787380414c952847ef2ba6f0ad5107daf
SHA256 bf32c6b394b380065e438d7b8dd2f3677596f60918d021792fb4594656f3a0c9
SHA512 7e1f01d24847abc3b9666fc3dd780a70eeb7992745bfb081362478df51b70ca964ce431958b9d15c7eb97de87630e09dd7f1dc374dfce45c0e02fb856adfc56b

C:\Users\Admin\AppData\Local\Temp\aom.dll

MD5 d764264518e77cc546a5876c3bcebad4
SHA1 ea17d45b396fa193a851bfd345e2b2c20ad60e12
SHA256 e78492de0ab575add50b925bfd44216d224d09904a9b14c17087a92fdcbc15cd
SHA512 7cf132ea5254a55c08186ffcf5e47360ef5ddd57d03d7051171f6753b22e3925304d183c2037bfd320ad56c08e079f9b2c4640db8cb3dbd38ff500c7a39e997f

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

MD5 a2317c5ce4c82910c7f4e97d48af645a
SHA1 67f5034a905cd1ef0c2888fd2cc40c2024d0848c
SHA256 363c1cc60b8cf09f026ffe4d6dabee37021f37d5719fa55ab807d56613e30b90
SHA512 35be28f55fcde4ad140fa089ee86aaeff3e90f174737474dfd502925313225db393a3e27eda0b44d9bee831ead48a24e803c35884842cee2946d558650b6f8f5

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

MD5 343858f28c824a864cf53bc434e045f6
SHA1 c74bd7f49746ef17c9931f8020228396e35d613d
SHA256 e306ad69288a5fc020638bf7218fe5bd343365ab9d1465934e9b1f208f50f3e1
SHA512 325c359ed1caa28dfc64f0dce10923c4aa3490c0ea9a03ab5488bf4f2f8d6e5a6914d5734a5b7723bebe252dc5370d38a205ff40d9f65af356621d82094b08ef

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

MD5 4548eac2865691d00f8bbc5c79b880b6
SHA1 2ac1c450daffbb22e62ff60a06409d98c6cf23c8
SHA256 453694608971d4291f52c0d6070698f7d29472a9416b52117e32640a083f683b
SHA512 ee99ee11b7f315f0b21fb27fa93d2aa32ff710862e3a31865f283f4ef521f2504f2c4b23b6b88c615056aef2fc9812aad6787695adc05840561191ec927a29ce

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

MD5 4ca2317d970fab725959390d9b4c5b48
SHA1 663a61913997d19fbae639298a360f4c83564896
SHA256 1df30836ea0826d02ac46ecb783257f774ee6bbc073ab1de62fc09a9fdac2eba
SHA512 268dcc422e562f97c1cab81cc7d3a4b9c3e9e44c4679666edeec775ae049511d092fe4c99ff22e1afbc8ad065ead0d6b0fb2484dcb764cae8a3d2181f165c138

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

MD5 ea1711980e463c54a29da0bbf999db55
SHA1 034d567fd6ca548c9c9e254fda01a1e559ef0077
SHA256 3a0e9029ca829380cabbc4a448e47657a01ba668bc7d2da7dc490f0571147b94
SHA512 d766ce1318bafc8866d6a58b14fc6f444ebf1d84f5aebdee77dbb576947c63decbb96f8fc53c279caa2e06264d76e47c167f941da2dcc6ba950318ea67aa52c2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

MD5 e5623db2a54b98d1c69644777eb9cdba
SHA1 7ee9ff896277291cce9953ea6ef58def4fa3e3d0
SHA256 6054ce87cdc6f2edc1240f75c50db5ef02a8372453debbb1f07dd538af1ac638
SHA512 e0d5c51a4d6d225c0158b7fcb2e1ac026b23cf76b42683006c8368482056a9e05141d78e38d378111ac56e92f5610105d5e69a3876f74ea69a9a3cf1e451fea4

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

MD5 97425d9aea0d462042d570587c7e5e51
SHA1 9c013c5c810cb631692ef184098af9ccbe172f78
SHA256 cafe25bba3daa3ecc1984151e2174abca2f669c23d79a166f82e7d3489eeaf3b
SHA512 adea9b32168544918c1b188f4186618f2dd09da8e1ac2b15b9e801241b8bc8f0414d6572ecaf6a4c5026ba142e789744eca04468cd333261251ec8680801f231

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

MD5 42e63c1ba3f2c79b8cc193a24a9611c2
SHA1 7dd2bfaa737f04fad938f8696abd586327f3b4f2
SHA256 0e5827d2ccacfb6893183f2a315e8845db46d5a0f40cd1c317147308b19a112b
SHA512 20dfde8241545c839b01eb297c6a80156fa827b21fff01e18c71e531ec8f0905ecd214f169db44cfbd84f38b0f48e3e165d0423d807af488597ba0b9520129ce

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

MD5 550bbfada29a9637c3e30c04f85fc4ac
SHA1 f5da825a66bd168a1f306350e3437f78be190985
SHA256 2f77ab480cb71f6116cc27253d2fe95f0bc029c91ef2a8ea14b429e50e41efb8
SHA512 a33576a08cd4f24083807b30625f16898c939bc8bcdb94b1742a1fbefab5b1124a5d7b14fcfbbf5689f754dfb03203cc03c0a038fcf920af7999dac85272dfd7

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

MD5 6723c4a5323fd1ca2230fe0c4a30bf0e
SHA1 36701fdf6814debd0cbfd75ef8a1b1abab610dba
SHA256 e0206cfcd213a0eeff4d5c95127cfb303f15f90a9a6c6ab604e2afdeb421b54b
SHA512 a54e2da6973228b54cdd6ee51b3e541f5e232cc502f4c0889045eb5afbfd81c4b8997fddbfdc66d376f3e0bf989e65001796fe474b20bbde96f78e3ec89cb3fc

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 374d312dd46238422ee1202c8dc1b3da
SHA1 b93b79504035fae2d776744ab99402a7fa846e7e
SHA256 087d9859304fc2c7c55e3adbe0add2ed3ee438868ba240e45797adeadd7e5762
SHA512 f803683cb92adc72770ef1b86399d48546f1687ff329e6fe8846f3b4bc1b5b0477c84b657adbdd023de5d62ead8d98e651f2631e9ee68df1196d707f0e160aaf

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

MD5 c13c4c30c16b3c340f2ab002bcfcecea
SHA1 b27a05c304d98e9eab92eedff6c60d16dfb3eb5c
SHA256 94bd40ccc96f0550d021ebc53b48b844bba0298f2e57c83d07c4f508034ae8dc
SHA512 e86431c1ff89dbc974c3dee8c05aba097669020b6900e06aec54054cb7fa3facd5bb96cb404a218b2562865d24a0bb1f65f098fd079e896ae610b2e2c27770c5

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 c0123097636db5655b905f6c8b4dd3a5
SHA1 dc67706f924b97bcdd141545d37a176ce40fec6a
SHA256 aaa98f62bf9b59f767526a5746d835cac3a1fa24059d4d25229a51b84d90521b
SHA512 43b19efb10e69b79a47ac42589cfe112a4cb42ceb087be27ab535d065243e6ca60baba36cead040aeeaefbae545d412d2b039dcc90f3c1da0d28b528da913140

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

MD5 376af3c88806fc781657dd44790fe917
SHA1 3b39874c4e4db575d38d01be4c4f4c673264e156
SHA256 1048b06d6ee6a882b23c2f8e995bfd37bb987d5297df9a7752176ea45be25791
SHA512 7316b597a13511f1e5bed6e5a3cf421bc3d8efdd6785597dc6908de658a6b20a658d09af95d5a4dce7941ab35da0b39f92d0a8f6a3398c37a2b225756c68ef4e

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

MD5 f10c7d6a424f7c8f175b719b734c7bfb
SHA1 00d62a610931451e240ccffa679e30146840db52
SHA256 52b3c25fd17654c2ef8d51a5361e2257e72d84e495327f4f47e980fe97a12ac8
SHA512 8d0ea30740ed956c5351a5e0d55d55e6343d13caa88b9ecc181ccec3dbc8c09f2fe4db0e7cf588843ae73393f7fc8cfd62e4113bcf3be6896d9e775fea7d4d0d

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

MD5 8c4a62cafbdb87c2498e11c509300873
SHA1 81b9180ad1194634e12a4f2fe4a52aab6f763b96
SHA256 1d19dc9d51fd5239b0123526de6ccf9407d1c5b76a382e7c5c451706142d9e05
SHA512 440c9dbeae6044d5ed3fae1a7c87378e2156942e0fe3c7ae29edceb622d11cf7effd209ae0d0737238e251a68aec89a04f2072ca5170492e735e367f4f5c7fc3

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

MD5 8b958395de9f6614433ea1917ee8f265
SHA1 24d7fa69d09cf19bde347d8411d990759afdd0c8
SHA256 9cb43b9145a69ace87b677d4021c8459891cb0446a2259b793de29335530ccfa
SHA512 2a12e9a8100f0a39622a503d6124e5c1d5a509adb98fb44769c68c366f9a0e24f368e83be6d83a0424b0b15929c8880b5313bcf6484ee920f536b13aa6643644

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

MD5 e1e74e6e90876973063b5c84fdb71294
SHA1 0ebdd9d54d9d6b1b3475b466dfec6f2a121d3a87
SHA256 232fed0561c071fed572b954bb7f0702c74543e6473cb021098a70349e3a93e8
SHA512 d998cddad2f9620803e62e408a77992980b7369b3a0a49f3cb0f9c22c0c4106b71f4ce9e0011c1b7a0541d508e20650d76fc097e9e0633c84f45089b2280dec3

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 859d9676ce764f148803141f8b2614f6
SHA1 c42507a528b7e492d6ef0c99d3946cdc3250b4c9
SHA256 ea01b104994a3c9132d7d58a7f76ced515cc62d24c762a5da3b8039ca2ee60a7
SHA512 1bb5dcead486dba48b337ba2a7590b7ac5e90f85d7f623479c4406b16c0d5ca0fc492713c3c0a31ce0d64053246ee50a6c33ee58f0a3793f101f1af14cbb9f76

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

MD5 346e63df6c712107c1a43ada1209a690
SHA1 e0ef35ca47c1c3875f6edf22c28aabfafad9b4c7
SHA256 3be68ac33afd101f25b8e214b363b31b3e8a09f4441140fcc1bd5307d6c6c44f
SHA512 a188642478b4d56d7ad632ac82032951f668b12b1721b783a4f8d059bb379edc0346208e6f6b957cf9455798ede6a8a441d9a13beab21e1e166e37783495c780

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

MD5 474af6d8555d94f7f7b98ab3c8035ae2
SHA1 3fb45930406dc1f134f336ba57002e991bd8cf2e
SHA256 4d30ff9cf68c9f5dd59f86a2498919bac51cae63382cfba1b4f6cafb67e31948
SHA512 711bdb12802e32a2311fd12022e03745ee1dc0f102c1e19c26fb7181901f350244e3f0978ae87c100aee124d2aa9261faa6a9ea249df76f791deb35919ccfb7a

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

MD5 a37150945dd638258cadbf19c9721168
SHA1 dbea87d699699ec9cafb88e631cd4db9541d68d5
SHA256 f8eb2fdca2481c2961e90a54620f2189dc7d094cf287536993daf5ce522d274f
SHA512 514d09ac3852f6fa86e79841fd2922819b596804ac166e62578bb4ea38948879b8e8ede6c6fcd368fc29727d0e2def1cdd8f02832d3f8572a98da2739cead01b

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 578a8869c793d427297d8b27cd6f5bc8
SHA1 7caef315139997a18aa9426e04af6da0fc1c42ad
SHA256 857e523e3d6c0c96d90d9e5b491ce0bb3f514ece422999c2165eec1057fc01b2
SHA512 0494d66b449a05c9de384e3211288f0bc1223483ccd33ac06d1ba30c68d6acd4a37c563e179fd9990c09c7dd37f94a842042d4ced93e1976ba5098c8d0d0f852

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

MD5 756153668502de1c25c4123733aad401
SHA1 760238dd09d4579003418e9b9cbc778c122e6aa5
SHA256 e203f4918e3d8c88efe4dd83985a3eeb71d94116eaf9e90cb7d62973c5ccf0b6
SHA512 6839e10fc83bf9d6f1380df221ca1b40d59da745d7c82a4140ecb468debc5f339fbbc510781850ac70696f74e4092c72bf897e9c66f3a7914d4d089aa9531cc7

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

MD5 ca1098bc9b13f7b5fc6ea115a36de9ba
SHA1 9083f54900f0a6e03ba28ede19fe9ce64b6409d4
SHA256 ec580803a295c18ddf74878fe1637e679cd6267af6d7c3e9d639f433b685813c
SHA512 ce8202578091ff5dd1d4a961bfa4327b33ec422a9fb2d52b8fbab41a663311022e3d1122e6ccdebe613a4339a7221a5841e801d2ad33a424c9153f4b05cceb37

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

MD5 7f5cecf3ee465e4668a9be0fa31674c5
SHA1 00d15773bf1c799195ad14f61531144c2cea5e6d
SHA256 557f29501705c8207995764e1c860f25403b6a967e6c3cf1f1e12ff123b6f636
SHA512 3bcaaf5cd51148e2db5256711c05aaba3650c49396f9b11c30112f805c8c0338bdcafcfe62203851a282920a49def88b6d96da604422465c3cdcd2be0c7e7fcf

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 b2804dea14ec0a1a8bb2877794024ef6
SHA1 f1f3affb9d90e26ee9b3076033a3360f7e83ad50
SHA256 5412dd07064025ffcf8668da2aa2eaedb93d9f92a4d98e054994356414be5208
SHA512 c1cf4ecf1e34026d2cf6db45e2b0379e6db7f8ee8fee36f65f8f42bea1e61f6bace7b3ef06f6b316c21ef8c9961c425b778716d64557f7b836c366453606940b

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 773b5cbf74b44f021305fc86accce0b8
SHA1 4e13357b171dad8fd8608f848402553604b6b82c
SHA256 42d22a4c725b707f2ca406b453ea5028032f4b31e3b8d6e2c11b6a3b92ed973c
SHA512 fe2379e5c7707aac8f5aab9febaf7baced61ed6b1e9c7e665fd0c6c46a5434437b9036df6a307a390400278ada7a7e1c6f4c005b3bd7ad2a6ec47e10dde1d7ed

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

MD5 dccc7f052614666443de0dd379f2461e
SHA1 1429be469a6fa1a0a67d28929fa63a807a289b12
SHA256 9aff2ddfa566d25ff6a6930e58c6e041036c222aeafb809f623662897e52ce6e
SHA512 5f1be2c1bdb42159a4c135dd7bc1376f28fe871ac2d11b2ee7733a50b1ad11fb2c1a195ef167be9a262bb24ce5c024eebbb2dd82e44955f6fe6ae623a7ae8784

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

MD5 e6f7c30244cc74b2f9fbe25bc09f1e4a
SHA1 579a395f38de163a6b1118504a3d398b4409119f
SHA256 76fe06b6aee795bd72a52fac180a2e105f09745ebea017017e8025c5a0d3fcdb
SHA512 621a85c7768b3666f4dfcb7d3e1ef6082b348ea60401f654bc2c9d660dfce78f74314e20df98c45644f6af5ca05e765a9fbdce1a7ca04ad3fa57dc67ca165fb0

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 ccdc8fe8856484c4b9eb2a19270ca069
SHA1 aff62d30be1dcf65a95dd7e5a9fb6d4a29fd95b2
SHA256 c57320b896e75eafbc6c5edc7d5916ec895ac69fd24ad5e59bd3a8f4ca4e7fb6
SHA512 a231a5b7af686cc6f8909193757f999fee0e67880b9f0f956d80e760c3990c70f5b5cdac2fcfbb5aebf8ad43b2d8fe85067e17be2458eaa36dbe594dfa980714

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

MD5 4263970ca16f36e941598ba308e537b2
SHA1 fcd26814062ba652898931db3be5dff2968c12f1
SHA256 555db885fe01dbf9078b46e2f2eca4de573d809f261fc38ff9338179de99d983
SHA512 bea8a3cb7cbf36ac011c425202904f981c00c3479f1438bf8ed2430430f37d6b2e84e90857e49c166e81f72dda9e51b96bb78c40292f41c742d0af51069bde1b

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

MD5 f8716cb27d1ab19ee1a95aca508e1dc9
SHA1 721f225d36302ba8542a0e223994f8339ffda596
SHA256 d9f71e7f76a39ff8b9cef6f931439de3ae62251be62543d16719d78c02cbdc1e
SHA512 dcb2b4ce63363cbc4a49d3b123eb4890634ea1ee25749ddd5cd3880123c3e53ca70c430eaaa9da15c23727cb5b4fde12b4388acd31b4c195377f6ed39dd3703d

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

MD5 ae7a8beeed5233404cd32b2befa02077
SHA1 34ea5e1d5ef85bb5af4ac7483b8bc46e9263764c
SHA256 9e0fb5ca77dddd8716fa0c782a11d484756c471c91c35247a4e7e08f55e33b3a
SHA512 a6895c62834bb95622f909be1d85fc9b1796ab108c25b4652ae96517c2eea3df9b7c3ce951ec1283d91e5574e20eb1d6756b45b6d63753d3966bda2d8bf585a4

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

MD5 a5707e6342e22d92ef8df839783d1716
SHA1 642c499b65382d883f6f9381fa204ba8d08f1f10
SHA256 fbf7e43884a1fd8adf167a5cfa4319339e2dba84515ec4487e074decc9afb206
SHA512 33a5255fe6b46d228cc131d27479d272342e88f12d884b841751167000e2c6a9c08a996526580a8466e957f4696d2400baf5d2cc2b3e5f8ea23ae3803d684285

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

MD5 ee9e1e1af17a74d23438fb63f6b66395
SHA1 11f60e073257560f5f3dc8943e854bf2eac36ed2
SHA256 8587505e511503127abb7e5c614853b7848a489d96da0a95bc736dc6c3097a5e
SHA512 aca34604580214291d1ea62765ecb280c6eafad7bf8967af8c268d2daff84f783dafec8ed334ac051ad61a14fc3128dc3f396116b9c6413a288fbe7bb099a202

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

MD5 72dbf67f86c95cdef31eaaef5861a00f
SHA1 18134f00734a2255bdf9bbc777045ac2d4f2e2f3
SHA256 5c74808c61ca8b6acb8f74813fb116341b18c27e4a654bbdd383b9fee3f33d36
SHA512 e0bbcdfb658ffa70b047cfd84a0e8a5613530ed0a34cc9ac365f69e253894db4b6fd059ce02627c201c1e9efe0b98aaddb70a641ce297677d3f9162838fdd1f3

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 a78aabc0f9a9dc5b9923d2ff67d24f23
SHA1 3a0330b84c7ca674f0710c10eee1e5126d545429
SHA256 39e98dd2cfd15b1687f3a8f8690a80026af0deaba5142c0fe503bbebca46d4c1
SHA512 3efd9fd95ef6aa16172c3d89150d49611c21deaa13fd50c2114e76380de573255ec6bdcfe10665bbe15a17c1d05ba327ca7ea24949ad1a173b3db86bab24adcf

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

MD5 df9bc6c6936655ed05180de600916f3c
SHA1 abfd6dc420368aaee7d3ce11cca36af3cb4446f6
SHA256 b34fda7a50b20aaae509d0919ced53d718afb997a2bd9f3b97446c3cebf994d6
SHA512 b6d935a6046a573df8c0a7bafd57c35f333f74fbe754e18de13cdf9a39fd9649449030539b208046651d648eca20e4b5d0e73a8a7d173d6ea37bbfc311b0d6df

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

MD5 880c1094ab4679600f77012712fcfdcc
SHA1 d92636752ceed77e4eb37967306de746953e375a
SHA256 65e57b5316eee1433c006adc6487c3ad3e17412b1a6d5a35ba518aaefd871bbf
SHA512 de8a622fd97bcd0a429c7a0874fc6dbeacb966e406dc519448ddfb420f584686a7a5ef105b4ac45a3a8de3bf0b7ed5b79ed62a92ebfceea3bceccce7298af652

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

MD5 0b2450ac7066b1aa6970cd4763bed6a8
SHA1 9cdc98d8a852c5e66c42e83edec21a1a2ab1d347
SHA256 9e9ee99c5fbe9a2a784d324b4bff06842874dbc33320c1fb02f063060d2d5c7b
SHA512 a1e0b0dee99c5d4ee03f15fa69436f41c965438b289eb244c8bbdec2de4b439e8ea60417ca6a37064b0aff023fbae5debb732e5e69027ca86623514520d6dffd

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

MD5 9c2202f9ebd8d2e8c90c93d3b0f433e1
SHA1 3d20c8f8428df16372e7de91a6d4f94b80aefb4c
SHA256 894842053591d4818bac9e1e476601cf39e4191b4bd0748ccb9f3c2711caa946
SHA512 b274b3f3dafd290f72351b36b9937445e78b6a16eb6cfa9a0b6de3cf11d5d809cd5f4095c2c4a05c16bdd1fb1be0b883e4c387ae8f7693eab958a63ce408097e

C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

MD5 cbc43e3928d5fd556456f8f9ef285063
SHA1 33c043f63171ddbbe58a5031961cb5040d1a245b
SHA256 ae99258ab7694026147b259367ef82d8ac2b118f87c02c7a41f81b82d1f7a9d7
SHA512 0d13bebbd71e48a1dffa34ad68e2a76746b3d745529842aba594b5de4d1a621f8759a2968cd61d8dfe9780a9ff23e808b6c90d63957e6ac2f95bf1ae0bf4b3a6

C:\Users\Admin\AppData\Local\Temp\avif-16.dll

MD5 a09c5fa842fa4456a0b53b46f1050225
SHA1 9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e
SHA256 3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b
SHA512 71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

memory/2988-12512-0x0000000000060000-0x0000000000061000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT~RFf77819e.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/1700-12857-0x00000000709D0000-0x0000000071CE0000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Temp\CabB53C.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB7F2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/1700-13096-0x00000000709D0000-0x0000000071CE0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 15:18

Reported

2024-05-29 15:21

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe"

Signatures

Detect PurpleFox Rootkit

rootkit
Description Indicator Process Target
N/A N/A N/A N/A (11 rule matches; the page carries no per-match detail)

Gh0st RAT payload

Description Indicator Process Target
N/A N/A N/A N/A (11 rule matches; the page carries no per-match detail)

Gh0strat

rat gh0strat

PurpleFox

rootkit trojan purplefox

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A (13 matches; the page carries no per-match detail)

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\QAssist.sys C:\Windows\SysWOW64\TXPlatforn.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" C:\Windows\SysWOW64\TXPlatforn.exe N/A
Note: this registers the QAssist.sys that the same TXPlatforn.exe wrote into the drivers directory (previous signature) as a kernel driver service; an ImagePath without a drive prefix is resolved relative to the Windows directory. TXPlatforn.exe is itself dropped into SysWOW64 by RVN.exe (see "Drops file in System32 directory"). On a live host, check HKLM\SYSTEM\CurrentControlSet\Services\QAssist and C:\Windows\System32\drivers\QAssist.sys; the service name and driver path are the durable indicators here.
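The pair of rows above (a .sys written under \drivers\, then a Services\*\ImagePath value pointing at it, both by TXPlatforn.exe) is the pattern worth alerting on generically rather than by file name. The following Python is an added example, not Tria.ge output or code from the report: it correlates file-creation events under \drivers\ with ImagePath writes and flags the pair when the dropping process is not a known driver installer. The event records are constructed to mirror the report's rows, their field names are an assumed simplified Sysmon-like schema, and TRUSTED_INSTALLERS is an assumed allowlist.

```python
"""Correlate driver drops with service ImagePath writes.

Added example, not Tria.ge output or code from the report. The event
records below are constructed to mirror the report's rows; their field
names are an assumed, simplified Sysmon-like schema.
"""
import re
from collections import defaultdict

# Assumed allowlist: components that legitimately drop and register drivers.
TRUSTED_INSTALLERS = {
    r"c:\windows\system32\drvinst.exe",
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\servicing\trustedinstaller.exe",
}

# ...\Services\<name>\ImagePath, case-insensitive, as written by the sample
IMAGEPATH_RE = re.compile(r"\\services\\(?P<svc>[^\\]+)\\imagepath$", re.IGNORECASE)


def _basename(path: str) -> str:
    """Last path component, lower-cased; tolerates the report's escaped form."""
    return path.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()


def correlate_driver_persistence(events):
    """events: dicts with keys type ('FileCreate' | 'RegSet'), process, path
    and, for RegSet, data.  Returns one finding per .sys file that was written
    under \\drivers\\ by an untrusted process and then named in a service
    ImagePath value."""
    dropped = defaultdict(list)                      # qassist.sys -> [dropper, ...]
    for ev in events:
        p = ev["path"].lower()
        if ev["type"] == "FileCreate" and "\\drivers\\" in p and p.endswith(".sys"):
            dropped[_basename(ev["path"])].append(ev["process"])

    findings = []
    for ev in events:
        if ev["type"] != "RegSet":
            continue
        m = IMAGEPATH_RE.search(ev["path"])
        if not m:
            continue
        driver = _basename(ev["data"])
        if not driver.endswith(".sys"):
            continue
        for dropper in dropped.get(driver, []):
            if dropper.lower() in TRUSTED_INSTALLERS:
                continue                              # benign installer path
            findings.append({
                "service": m.group("svc"),
                "driver": driver,
                "dropped_by": dropper,
                "registered_by": ev["process"],
            })
    return findings


# Constructed events mirroring the report's rows, plus two benign controls.
SAMPLE_EVENTS = [
    {"type": "FileCreate", "process": r"C:\Windows\SysWOW64\TXPlatforn.exe",
     "path": r"C:\Windows\system32\drivers\QAssist.sys"},
    {"type": "RegSet", "process": r"C:\Windows\SysWOW64\TXPlatforn.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath",
     "data": r"system32\DRIVERS\QAssist.sys"},
    # A trusted installer doing the same two steps is not flagged.
    {"type": "FileCreate", "process": r"C:\Windows\System32\drvinst.exe",
     "path": r"C:\Windows\System32\drivers\vendor.sys"},
    {"type": "RegSet", "process": r"C:\Windows\System32\drvinst.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vendor\ImagePath",
     "data": r"system32\drivers\vendor.sys"},
    # ImagePath write with no matching drop in this capture: nothing to pair.
    {"type": "RegSet", "process": r"C:\Windows\System32\services.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\foo\ImagePath",
     "data": r"system32\drivers\foo.sys"},
]

if __name__ == "__main__":
    for finding in correlate_driver_persistence(SAMPLE_EVENTS):
        print(finding)
```

Keying on the driver's base name rather than the full path is deliberate: the report shows the file created as C:\Windows\system32\drivers\QAssist.sys but registered as system32\DRIVERS\QAssist.sys, so a full-path comparison would miss the pair.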

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A (17 loads)
N/A N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A (24 loads)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (13 matches; the page carries no per-match detail)

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\TXPlatforn.exe C:\Users\Admin\AppData\Local\Temp\RVN.exe N/A
File opened for modification C:\Windows\SysWOW64\TXPlatforn.exe C:\Users\Admin\AppData\Local\Temp\RVN.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
File created C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Note: the sample opens the installed browser, VLC and Acrobat Reader executables with write access rather than dropping new files beside them, which is consistent with in-place tampering with user-facing binaries. After detonation, compare the hashes and Authenticode signatures of these five files with the vendors' builds before trusting any of them.

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A

Modifies system certificate store

evasion spyware trojan
Note: the Blob written under ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 is CryptoAPI's serialized per-certificate property list; the DER certificate embedded in it (decodable from the hex below) has subject "Internet Security Research Group / ISRG Root X1", the public Let's Encrypt root, and CABD2A79... is that root's SHA1 thumbprint. The AuthRoot writes go to the store that Windows' automatic root update fills. Taken together this matches the OS fetching a trust anchor on first TLS use in the process, not a malicious CA install; treat the signature as context unless an unrecognised certificate turns up in these keys.
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d1
98feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob data not preserved in this copy of the report) C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob data not preserved in this copy of the report) C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (blob data not preserved in this copy of the report) C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A
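
Analyst note on this signature. The ROOT entry above decodes to ISRG Root X1: the DER inside the Blob carries the subject "Internet Security Research Group / ISRG Root X1" and serial 8210cfb0d240e3594463e0bb63828b00, and the AuthRoot thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 is the published SHA-1 of DigiCert High Assurance EV Root CA. Both are public roots that Windows installs on demand through automatic root update when a process makes a TLS connection (the steamwebhelper crash handler in this run points at https://crash.steampowered.com), so "Modifies system certificate store" here most likely records crypt32 housekeeping rather than the sample planting its own CA. The check that settles it is to hash the certificate embedded in the Blob and compare it with the key name. The Python below is an added example, not part of the sandbox output; it parses the ROOT Blob copied from the table above, assuming Windows' CERT_*_PROP_ID serialisation in which each record is a 12-byte header followed by data and property 32 holds the certificate.

```python
"""Recover the certificate stored in a SystemCertificates\\...\\Blob value.

Added example for this report, not tooling from the sandbox. A Blob value is a
flat list of CERT_*_PROP_ID records, each laid out as
<uint32 prop_id><uint32 reserved=1><uint32 length><data>. Property 32
(CERT_CERT_PROP_ID) carries the DER certificate; property 3
(CERT_SHA1_HASH_PROP_ID) carries the SHA-1 thumbprint that Windows also uses
as the registry key name. BLOB_HEX is the ROOT\\...\\CABD2A79... value copied
from the report table above."""
import hashlib
import struct

CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32

BLOB_HEX = """
5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da6
0f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63
030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e
0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f050000
3082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500
304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831
301e170d3135303630343131303433385a170d3335303630343131303433385a
304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831
30820222300d06092a864886f70d01010105000382020f003082020a0282020100
ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed133
3cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832e
d149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee
19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e5020798
8f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e
689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512
fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c
863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f
0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e
300d06092a864886f70d01010b05000382020100
551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebce
e059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff2
8a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29
868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebe
d77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe6402735
5ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f2
2de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e1
7ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827
"""


def parse_blob(blob: bytes) -> dict:
    """Split a Blob value into {prop_id: data}. Raises on a truncated or
    malformed record instead of silently returning a partial result."""
    props = {}
    off = 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1 or off + length > len(blob):
            raise ValueError(f"malformed record (prop {prop_id}) at offset {off - 12}")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def describe_blob(blob_hex: str, key_name: str) -> dict:
    """Parse the Blob, hash the embedded DER and compare with the registry
    key name and with the SHA-1 property Windows stored alongside it."""
    props = parse_blob(bytes.fromhex("".join(blob_hex.split())))
    der = props[CERT_CERT_PROP_ID]
    sha1 = hashlib.sha1(der).hexdigest().upper()
    return {
        "der_len": len(der),
        "thumbprint": sha1,
        "stored_sha1": props[CERT_SHA1_HASH_PROP_ID].hex().upper(),
        "matches_key": sha1 == key_name.upper(),
        # crude subject hint: the CN is a printable string inside the DER
        "is_isrg_root_x1": b"ISRG Root X1" in der,
        "prop_ids": sorted(props),
    }


if __name__ == "__main__":
    print(describe_blob(BLOB_HEX, "CABD2A79A1076A31F21D253635CB039D4329A5E8"))
```

A Blob whose own SHA-1 property disagrees with the hash of the certificate it carries, or whose key name does not match that hash, deserves a second look; so does any root that is not in the Microsoft Trusted Root Program, which is what a genuinely rogue CA install would produce.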

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A (2 identical rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A (62 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RVN.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A (3 rows, alternating with the next)
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A (3 rows)
Token: 33 (unresolved privilege LUID; 33 is SeIncreaseWorkingSetPrivilege on Windows) N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatforn.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A (27 rows, alternating with the next)
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe N/A (27 rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4076 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\RVN.exe (3 identical rows)
PID 2044 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\RVN.exe C:\Windows\SysWOW64\cmd.exe (3 identical rows)
PID 2072 wrote to memory of 1412 N/A C:\Windows\SysWOW64\TXPlatforn.exe C:\Windows\SysWOW64\TXPlatforn.exe (3 identical rows)
PID 4076 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe (3 identical rows)
PID 4960 wrote to memory of 2116 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE (3 identical rows)
PID 2472 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe (3 identical rows)
PID 2724 wrote to memory of 12224 N/A C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe (2 identical rows)
PID 12224 wrote to memory of 12284 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe (2 identical rows)
PID 12224 wrote to memory of 6944 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe (41 identical rows)
PID 12224 wrote to memory of 7028 N/A C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

"C:\Users\Admin\AppData\Local\Temp\2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe"

C:\Users\Admin\AppData\Local\Temp\RVN.exe

C:\Users\Admin\AppData\Local\Temp\\RVN.exe

C:\Windows\SysWOW64\TXPlatforn.exe

C:\Windows\SysWOW64\TXPlatforn.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\RVN.exe > nul

C:\Windows\SysWOW64\TXPlatforn.exe

C:\Windows\SysWOW64\TXPlatforn.exe -acsi

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2724" "-buildid=1716584667" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1716584667 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffbab3fee38,0x7ffbab3fee48,0x7ffbab3fee58

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1716584667 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1596 --field-trial-handle=1728,i,16382988936593017167,11165228350264888403,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1716584667 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2184 --field-trial-handle=1728,i,16382988936593017167,11165228350264888403,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4ec

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1716584667 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2552 --field-trial-handle=1728,i,16382988936593017167,11165228350264888403,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1716584667 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1728,i,16382988936593017167,11165228350264888403,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

Network


Files

C:\Users\Admin\AppData\Local\Temp\RVN.exe

memory/2044-6-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2044-4-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2044-7-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2044-10-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2072-13-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2072-17-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2072-16-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_2024-05-29_e9d2095fecf3cbe693cdf24316f02c2e_icedid_magniber_qakbot.exe

memory/2072-25-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1412-24-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1412-30-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1412-34-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2072-15-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/1412-35-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_X.dat

C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Users\Admin\AppData\Local\Temp\public\steambootstrapper_english.txt

C:\Users\Admin\AppData\Local\Temp\crashhandler.dll

C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.manifest

C:\Users\Admin\AppData\Local\Temp\logs\bootstrap_log.txt

C:\Users\Admin\AppData\Local\Temp\package\steam_client_win32.installed

C:\Users\Admin\AppData\Local\Temp\package\steam_client_metrics.bin

C:\Users\Admin\AppData\Local\Temp\aom.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\chrome_elf.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-eventing-provider-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-downlevel-kernel32-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-private-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-multibyte-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-fibers-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\bin\audio.dll

C:\Users\Admin\AppData\Local\Temp\avif-16.dll

memory/7240-12522-0x000001F2A8920000-0x000001F2A8921000-memory.dmp

memory/7240-12521-0x00007FFBC7C00000-0x00007FFBC7C01000-memory.dmp

memory/7292-12535-0x000001BD53FB0000-0x000001BD53FB1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

memory/12224-12587-0x0000018A2A6C0000-0x0000018A2A769000-memory.dmp

memory/2724-12586-0x000000006F660000-0x0000000070970000-memory.dmp

memory/7240-12594-0x000001F2A88F0000-0x000001F2A891B000-memory.dmp

memory/7292-12595-0x000001BD53F80000-0x000001BD53FAB000-memory.dmp

memory/2724-12598-0x000000006F660000-0x0000000070970000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe58606b.TMP

MD5 7bca9f0450a4793e87eb38ec20bb8eb1
SHA1 7bf18763076128e42f196222b0539704693a9e34
SHA256 367e22d5aa674e71bcc9761c34fb5791b165023c4a51a23593b958d9ea98590e
SHA512 9f788229df20225f32aa3cef96358db315d2e91e6229ac05f129ae5eedeb4a4cd7b03e34f8ecb11cbfbd82aa41a3d42d0aba17a89a9f0ec5944df6cf486dd558

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 805fa03eed5ded5f6e160748ae8b8ee1
SHA1 ea42e4f0817d7a28fb57a1fe95da5750254d3bb3
SHA256 88d3d1d7de772f5e853c10ca1e7d81b12eafc20a47a6e4765f4e4f4386846276
SHA512 0e12548f26e877cf5f538903ebbaf88a9830886bff716940fcb4c9676e34d2ba913009ff07d35ad75d791f662886812eb9ee3e5e5b7eb9e751f0922504c83a72

memory/2724-12617-0x000000006F660000-0x0000000070970000-memory.dmp

memory/2724-12621-0x000000006F660000-0x0000000070970000-memory.dmp

memory/2724-12631-0x000000006F660000-0x0000000070970000-memory.dmp

memory/2724-12636-0x000000006F660000-0x0000000070970000-memory.dmp

memory/2724-12646-0x000000006F660000-0x0000000070970000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 33343ec847e913aa170b44906987735d
SHA1 6f6034e09bc82aeddd2cb29dbd48a183d8303f46
SHA256 c51aa8b9c2c85718dd6a67ea124d5e416949ea5fedeb92e6aa78419311676680
SHA512 2445b1c7819e78247e25fe8194649afbe01ea1c5b243216c259bc35ae84ff6aa2d0b987ef532bb8ecbb05fc50b7e6331362ff57bf61b689d672397edd6e7a9ef

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe591bcb.TMP

MD5 fd1f769ec95fa51673b37ed1c8dc8c57
SHA1 9fc0e3f7a783115b36932b47134b70a15a1e338a
SHA256 eea71c76de42970f3d75ab7996d305836b5783cc9330d1e978339b72b00412c4
SHA512 34bb28702ca1c2834553b264f5c629a16ae6a9edfe06604b76db19c29aa00aa9260ce0635fc8594f6e4898ac5e4c7b7326b51bb79cb1a0ea27eeb3cb4f20fecd

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 66fff23e38f7bcf5032cc8bcddac2041
SHA1 92b1fe74c368339d8f770cf7c39dffa43d1b18a6
SHA256 78331eb0f71f0d1d11de073e3569693bfab357abaef091f5fb717a49128a213b
SHA512 b4c58df2f2adc156af6813c2db5942b93273d0e2abeb1bc723c75bf0433a6c0d73c0809cf1991ac2756d71fbfae50a23a20515f71d022cc2f47bfc148d149136

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe593109.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/2724-12668-0x000000006F660000-0x0000000070970000-memory.dmp

memory/2724-12680-0x000000006F660000-0x0000000070970000-memory.dmp
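The per-file digest blocks and the memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp dump names above are regular enough to turn into a working IOC list. The following Python is an added example, not part of this report or of the sandbox's own tooling; it assumes that reading of the dump filename fields (PID, dump index, start and end virtual address), which the report does not state, and it runs over a constructed sample made of entries copied from this section. It validates digest lengths (a short digest usually means a mangled line), groups dumped regions per PID, collapses spans that were dumped repeatedly (the 0x6F660000-0x70970000 region of PID 2724 appears many times above), and reports the largest unique span per process, which is a sensible first place to look for an unpacked payload.

```python
import re
from collections import defaultdict

# Expected hex-digest lengths; a mismatch usually means a truncated or mangled line.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumed layout of a dump filename: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Constructed sample: entries copied verbatim from the report's Files section.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\avif-16.dll

MD5 a09c5fa842fa4456a0b53b46f1050225
SHA1 9e4677f19e77bf55e7d0e2e82d8c27f79dbbd78e
SHA256 3d7ba6fedfdfd6e751693d718a21438304690b754d1c5d13c847a829b2423b8b
SHA512 71c962da6ed6894209891513bf9f0132a5eab6c65a5d9ba334efcaf73463be5625665a060863a106d59fad1949f6191f641aa4c59ddb0e825701bef08ef9b5a5

memory/7240-12522-0x000001F2A8920000-0x000001F2A8921000-memory.dmp

memory/2724-12586-0x000000006F660000-0x0000000070970000-memory.dmp

memory/2724-12598-0x000000006F660000-0x0000000070970000-memory.dmp
"""


def parse_files_section(text):
    """Return (files, regions): dropped files with their digests, and dumped memory regions."""
    files, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            start, end = int(m.group(3), 16), int(m.group(4), 16)
            if end <= start:
                raise ValueError(f"inverted region: {line}")
            regions.append({"pid": int(m.group(1)), "index": int(m.group(2)),
                            "start": start, "end": end, "size": end - start})
            current = None  # a dump entry is not a hashed file
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"digest without a preceding path: {line}")
            if len(digest) != HASH_LENGTHS[algo]:
                raise ValueError(f"{algo} for {current['path']} has length {len(digest)}")
            current["hashes"][algo] = digest
            continue
        # Any other non-empty line is a file path that opens a new entry.
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, regions


def largest_region_per_pid(regions):
    """Deduplicate repeated (start, end) spans per PID and return the largest span size."""
    spans = defaultdict(dict)
    for r in regions:
        spans[r["pid"]][(r["start"], r["end"])] = r["size"]
    return {pid: max(sizes.values()) for pid, sizes in spans.items()}


def sha256_lookup(files):
    """Map SHA256 digest -> dropped path, for matching against on-disk or EDR findings."""
    return {f["hashes"]["SHA256"]: f["path"] for f in files if "SHA256" in f["hashes"]}


if __name__ == "__main__":
    files, regions = parse_files_section(SAMPLE)
    for f in files:
        print(f["path"], f["hashes"].get("SHA256"))
    for pid, size in sorted(largest_region_per_pid(regions).items()):
        print(f"pid {pid}: largest dumped region {size:#x} ({size / 1024 / 1024:.1f} MiB)")
```

Feeding the whole Files section in instead of the constructed sample gives one SHA256 map for hunting and one region table per PID; the 4 KiB regions are typically single pages, while the roughly 19 MiB span in PID 2724 is the size of a whole mapped image and is the one worth carving and scanning first.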