Analysis
max time kernel: 264s
max time network: 781s
platform: windows10-2004_x64
resource: win10v2004-20250410-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250410-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/04/2025, 04:27
Static task: static1
Behavioral task: behavioral1
Sample: Anti-AFK.exe
Resource: win10v2004-20250410-en
General
Target: Anti-AFK.exe
Size: 1.0MB
MD5: d123427182e9ec7b19765f32fc159719
SHA1: 3c171e57af9aec12bbe63065149b9a63a7d53e11
SHA256: 07dfacdc603bb28beb153f81bb4519a7239bdcf8411e5c5f7c26b54ceb5a3865
SHA512: 7efea1b0914bdd4c29363ca782495cb88fc4a81bcde2ce39b7cae83bd57bf27334eef3e08c3131250f8bbc4b4f466fcacab1c22c1369cc860ba87d43a1fa8534
SSDEEP: 24576:ozbQfQjWKM072B6PUppfZkyE3ScFYTYwYkPBlIpFIa:ofQfiZ7q/ruyE3SSY0wYkZ
Malware Config
Signatures
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Revengerat family
-
RevengeRat Executable 1 IoCs
resource yara_rule
behavioral1/files/0x00070000000241a1-29.dat revengerat
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation ANTI-AFK.EXE
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation Process not Found
Drops startup file 2 IoCs
description ioc Process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost vbc.exe
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe vbc.exe
Executes dropped EXE 64 IoCs
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Windows\\SysWOW64\\2.exe" InstallUtil.exe
Drops file in System32 directory 64 IoCs
description ioc Process
File created C:\Windows\SysWOW64\1.exe Process not Found
File created C:\Windows\SysWOW64\1.exe INSTALLER.EXE
File opened for modification C:\Windows\SysWOW64\system.EXE Process not Found
File opened for modification C:\Windows\SysWOW64\system.EXE INSTALLER.EXE
Suspicious use of SetThreadContext 4 IoCs
description pid Process procid_target
PID 2008 set thread context of 4776 2008 2.exe 93
PID 4776 set thread context of 3460 4776 InstallUtil.exe 98
PID 8924 set thread context of 5864 8924 2.exe 657
PID 5864 set thread context of 8464 5864 InstallUtil.exe 1655
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target
10552 14172 Process not Found 2404
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ANTI-AFK.EXE
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Process not Found
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vbc.exe
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 InstallUtil.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString InstallUtil.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process
Token: SeDebugPrivilege 2008 2.exe
Token: SeDebugPrivilege 4776 InstallUtil.exe
Token: SeDebugPrivilege 8924 2.exe
Token: SeDebugPrivilege 5864 InstallUtil.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Anti-AFK.exe"C:\Users\Admin\AppData\Local\Temp\Anti-AFK.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"2⤵
- Suspicious use of WriteProcessMemory
PID:3192 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"3⤵
- Suspicious use of WriteProcessMemory
PID:640 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"4⤵
- Suspicious use of WriteProcessMemory
PID:5312 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"5⤵
- Suspicious use of WriteProcessMemory
PID:4644 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"6⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4968 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"7⤵
- Suspicious use of WriteProcessMemory
PID:3620 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"8⤵PID:5676
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"9⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"10⤵PID:5024
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"11⤵PID:5636
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"12⤵PID:548
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"13⤵PID:5864
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"14⤵PID:1780
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"15⤵
- Checks computer location settings
PID:5576 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"16⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"17⤵PID:5536
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"18⤵PID:5176
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"19⤵PID:316
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"20⤵PID:3488
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"21⤵
- Checks computer location settings
PID:2168 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"22⤵PID:5880
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"23⤵PID:2208
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"24⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"25⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"26⤵
- System Location Discovery: System Language Discovery
PID:3396 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"27⤵PID:5428
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"28⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"29⤵PID:5560
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"30⤵PID:5156
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"31⤵PID:5152
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"32⤵
- System Location Discovery: System Language Discovery
PID:5468 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"33⤵PID:4208
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"34⤵PID:2060
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"35⤵PID:4664
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"36⤵PID:2784
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"37⤵PID:4828
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"38⤵PID:4812
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"39⤵PID:1300
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"40⤵PID:1444
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"41⤵PID:2340
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"42⤵PID:1128
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"43⤵PID:548
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"44⤵
- Checks computer location settings
PID:3696 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"45⤵PID:384
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"46⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"47⤵PID:1528
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"48⤵PID:5176
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"49⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"50⤵PID:1540
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"51⤵PID:2264
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"52⤵PID:1552
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"53⤵PID:4988
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"54⤵PID:1424
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"55⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"56⤵PID:2960
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"57⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"58⤵PID:6140
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"59⤵PID:2940
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"60⤵PID:5932
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"61⤵PID:5312
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"62⤵PID:3404
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"63⤵PID:6080
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"64⤵
- Checks computer location settings
PID:4812 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"65⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"66⤵PID:3304
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"67⤵PID:4772
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"68⤵PID:688
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"69⤵PID:4160
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"70⤵PID:768
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"71⤵PID:864
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"72⤵PID:5764
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"73⤵PID:624
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"74⤵PID:5988
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"75⤵PID:5452
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"76⤵PID:5708
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"77⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"78⤵
- System Location Discovery: System Language Discovery
PID:3492 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"79⤵PID:5112
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"80⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"81⤵PID:2940
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"82⤵PID:5788
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"83⤵PID:4800
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"84⤵
- Checks computer location settings
PID:3348 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"85⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"86⤵PID:4280
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"87⤵PID:3696
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"88⤵PID:1036
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"89⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"90⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"91⤵PID:5608
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"92⤵PID:1560
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"93⤵PID:3392
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"94⤵PID:4416
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"95⤵PID:644
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"96⤵PID:3748
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"97⤵PID:1920
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"98⤵PID:4652
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"99⤵
- System Location Discovery: System Language Discovery
PID:5860 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"100⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"101⤵PID:5604
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"102⤵PID:4160
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"103⤵PID:5128
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"104⤵PID:3524
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"105⤵
- Checks computer location settings
PID:4272 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"106⤵PID:5668
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"107⤵PID:4580
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"108⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:4232 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"109⤵PID:3908
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"110⤵PID:2648
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"111⤵
- Checks computer location settings
PID:5380 -
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"112⤵PID:916
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"113⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"114⤵PID:5684
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"115⤵PID:3764
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"116⤵PID:6068
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"117⤵PID:1560
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"118⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"119⤵PID:2216
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"120⤵PID:3908
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"121⤵PID:5856
-
C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"C:\Users\Admin\AppData\Local\Temp\ANTI-AFK.EXE"122⤵PID:1636