Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 14, 2023, 7:14 p.m. | Sept. 14, 2023, 7:23 p.m. |
Process | PID | Command line |
---|---|---|
nbHH0jE8qZJ4tNguvouaT8ug.exe | 2740 | "C:\Users\test22\Pictures\Minor Policy\nbHH0jE8qZJ4tNguvouaT8ug.exe" |
LCfgNNO96dWppNu7PMj50Yzc.exe | 2732 | "C:\Users\test22\Pictures\Minor Policy\LCfgNNO96dWppNu7PMj50Yzc.exe" |
regsvr32.exe | 2140 | "C:\Windows\System32\regsvr32.exe" -s F652w.85 |
cikl6UFkXU4cZQ6sFNhet5qr.exe | 2748 | "C:\Users\test22\Pictures\Minor Policy\cikl6UFkXU4cZQ6sFNhet5qr.exe" |
jO0KmIb4n4ZjS9AOGznw9fMl.exe | 2892 | "C:\Users\test22\Pictures\Minor Policy\jO0KmIb4n4ZjS9AOGznw9fMl.exe" |
ldEQBC8aeCgL1Jw4jA1tloQg.exe | 2916 | "C:\Users\test22\Pictures\Minor Policy\ldEQBC8aeCgL1Jw4jA1tloQg.exe" |
z0cXWJOzi1YW10CuQRQjMRie.exe | 2932 | "C:\Users\test22\Pictures\Minor Policy\z0cXWJOzi1YW10CuQRQjMRie.exe" |
vbc.exe | 1960 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" |
0Sg4p2isyE32UOnHiUlFNypw.exe | 2924 | "C:\Users\test22\Pictures\Minor Policy\0Sg4p2isyE32UOnHiUlFNypw.exe" |
ZcWmEJj67YVTAJcMEmzlUq_H.exe | 2968 | "C:\Users\test22\Pictures\Minor Policy\ZcWmEJj67YVTAJcMEmzlUq_H.exe" |
IP Address | Status | Action |
---|---|---|
104.21.95.210 | Active | Moloch |
104.26.8.59 | Active | Moloch |
148.251.234.93 | Active | Moloch |
156.236.72.121 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.197.101 | Active | Moloch |
172.67.200.102 | Active | Moloch |
172.67.214.144 | Active | Moloch |
176.123.9.85 | Active | Moloch |
178.63.45.64 | Active | Moloch |
182.162.106.32 | Active | Moloch |
185.225.73.32 | Active | Moloch |
185.225.74.51 | Active | Moloch |
193.42.32.118 | Active | Moloch |
34.117.59.81 | Active | Moloch |
45.15.156.229 | Active | Moloch |
45.9.74.80 | Active | Moloch |
87.240.129.133 | Active | Moloch |
87.240.132.78 | Active | Moloch |
87.240.137.134 | Active | Moloch |
87.240.137.140 | Active | Moloch |
94.156.35.76 | Active | Moloch |
95.142.206.0 | Active | Moloch |
95.142.206.1 | Active | Moloch |
95.142.206.3 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49171 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49186 172.67.197.101:443 | C=US, O=Let's Encrypt, CN=E1 | CN=preconcert.pw | 60:b2:a3:3e:2f:80:57:cd:6f:c1:a3:e9:b3:c6:cb:95:41:83:4a:64 |
TLSv1 192.168.56.103:49184 172.67.214.144:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=sergejbukotko.com | f1:9c:9e:67:d8:1b:22:61:4a:4d:a0:fc:b3:45:84:76:9e:9d:2d:27 |
TLSv1 192.168.56.103:49164 104.26.8.59:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
TLSv1 192.168.56.103:49190 104.21.95.210:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=verypayment.net | bb:8c:d6:7d:de:34:56:31:72:a3:92:eb:2e:e0:8f:ce:79:20:e6:b2 |
TLSv1 192.168.56.103:49205 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49215 87.240.137.134:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.103:49212 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49220 95.142.206.1:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.103:49218 95.142.206.0:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.103:49217 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49221 95.142.206.3:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.103:49286 87.240.129.133:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49326 87.240.129.133:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49216 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49213 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49219 87.240.132.78:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49334 87.240.129.133:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.103:49336 87.240.137.140:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.103:49234 104.26.8.59:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
section | _RDATA |
section | .vmp0 |
section | .vmp1 |
section | .vmp2 |
suspicious_features | Connection to IP address | suspicious_request | GET http://193.42.32.118/api/tracemap.php |
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.42.32.118/api/firegate.php |
suspicious_features | Connection to IP address | suspicious_request | GET http://45.15.156.229/api/tracemap.php |
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://45.15.156.229/api/firegate.php |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://45.9.74.80/super.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://45.9.74.80/super.exe |
request | GET http://193.42.32.118/api/tracemap.php |
request | POST http://193.42.32.118/api/firegate.php |
request | HEAD http://ji.alie3ksgbb.com/m/ela205.exe |
request | GET http://ji.alie3ksgbb.com/m/ela205.exe |
request | HEAD http://marrakechchoralmeeting.ma/netTime.exe |
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | HEAD http://marrakechchoralmeeting.ma/cgi-sys/suspendedpage.cgi |
request | GET http://marrakechchoralmeeting.ma/netTime.exe |
request | GET http://marrakechchoralmeeting.ma/cgi-sys/suspendedpage.cgi |
request | GET http://45.15.156.229/api/tracemap.php |
request | POST http://45.15.156.229/api/firegate.php |
request | HEAD http://45.9.74.80/super.exe |
request | GET http://45.9.74.80/super.exe |
request | HEAD http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe |
request | GET http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe |
request | GET https://api.myip.com/ |
request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
request | GET https://sergejbukotko.com/7725eaa6592c80f8124e769b4e8a07f7.exe |
request | GET https://preconcert.pw/setup294.exe |
request | GET https://verypayment.net/1bc7618fb98d2d4c287a4f9d42a3529b/7725eaa6592c80f8124e769b4e8a07f7.exe |
request | GET https://vk.com/doc44017378_668850966?hash=seNAc9XpZGb24lXnAxVAwPiPVaSTe6IiTQaY7IFhggw&dl=A9mazd4TmUx700iSSJAZzZTPnbX30hG5PEtIhQs2FVw&api=1&no_preview=1#utube |
request | GET https://vk.com/doc17799268_667374166?hash=t73r7TZmjqi4mQ6K8CuchmsQ2lbq7RbjhwFx1c1Azcg&dl=HaU76slkxIDZ6fTldzxVLdSFmSzwAiccfTBkzLQsA4D&api=1&no_preview=1#u9 |
request | GET https://psv4.userapi.com/c909518/u17799268/docs/d38/272bd98cd010/h27lmi0.bmp?extra=8E5LnE31GAfkun85y6q3JNHdEJ6rb3OS4of8U197zzjPBwzlcBmXiYtqfGEzAOOcBigBbtsjBtCJpKZMK3_lQTtjrrC6bCw4QqmXuSbFcrs-fVc_0h4X8B-FoNEyrA4yLWeFIUw2C7A5wlE2 |
request | GET https://vk.com/doc17799268_667370950?hash=kmRsdqMou4vNz1YzodkAQZcJxKjXdXHF3v2Zycf1w2H&dl=i4K7yr2wzDFn7JZ4az5BAF7ZSXsQBGNbt8o8BOvxSaw&api=1&no_preview=1 |
request | GET https://sun6-20.userapi.com/c237031/u17799268/docs/d44/9d7023004930/PL_Client.bmp?extra=X1aJqe75cj3wH63JyDtM4ZvEFrLEEDM9Cj69lrcSXLQLpLhAVquotaOP2hnr-i131Cw2CXTQYaZGiXrawiBA3-dvrSYSkiKl6gd5nnzy6xUssRlZdOecvfBwEwrAygIbNtWImtAz1AfD6bvt |
request | GET https://vk.com/doc17799268_667301259?hash=mz2nLKvo6dt1uE06v4jRORCgXO1tbK1pSlJhEfMFJco&dl=vkt89M90dzWpJZ9hvFWUTeZuZHqaxeSpP8mP7ffY8Z0&api=1&no_preview=1 |
request | GET https://sun6-21.userapi.com/c235131/u17799268/docs/d34/0d08248537eb/d3232adg.bmp?extra=MXfyziyjTKDf6ofOrhDCTKpsWkbv10mkMTRRhYIV8JRe3R-EQTQ053o3girAdfhhnn5fc1YH_S_WsBSzGbqRuEfy-bz_PCHnGFFm2ELe6Vs13UB3lsTOyfn7GTx222_mFRvKUYaEAkS6mnss |
request | GET https://vk.com/doc44017378_669202180?hash=Qj8GmTTzSwexN5MiDhkzSBdsEuAfR50DxI5PmBbRzn8&dl=G49L5cNOoCw8qI3zZagSCyprvu5ngf5V9jZb6GDfmT8&api=1&no_preview=1#redcl |
request | GET https://sun6-20.userapi.com/c237031/u44017378/docs/d47/f53dd4d29da4/red.bmp?extra=aPmcskdA3y2ObuY7QHUX6sPMjQu36B4newP0bAW-Ly73hW3EW_bozidYJAqh73X7SUvR1gIX9uc9Cb4NNw95t2w09-_aicB8V3k2Xih1EYLcm7JY06Dr2jP135rFTycmXICkUKS8rcX-rNt7 |
request | GET https://vk.com/doc17799268_667356691?hash=cUASNycPr9e7ejTeXRHP4JzU43t6UAQvFbVpJRIyYfL&dl=WIcfE7rh128yHk3HTd3LfM84KN7pulppjnAcRmZGByH&api=1&no_preview=1#orig |
request | GET https://sun6-23.userapi.com/c909218/u17799268/docs/d51/a01868bc6519/OriginalBuild.bmp?extra=ubUUt1995rM2O1vMl6qK3XtVBz9_ydnjOUtvK8odosQtYQIMBBSkvaNNKqqilClao3gbzVteXVX9L9OFNSV06NdFFhqmBwxMRWCeFMALiLTI8W6Vx3d4vHYiIZ6fNIjaj-fFlB6HwOA5YYkC |
request | GET https://vk.com/doc17799268_667370292?hash=3zgmNBZUEabUAWsj0zIdTPreX2uOk9XZqB04AKml9Wc&dl=3EXwtWCuOk8m89Hgrb6xTH69yK7gn8gGsiaT4sE12Ls&api=1&no_preview=1#review |
request | GET https://psv4.userapi.com/c909228/u17799268/docs/d27/d584128e4c13/setup.bmp?extra=QZMNAMmYW-qEHWSBh6dZ9jyKy_PY0fq3EfQW125lr8gOTPQKKk8D6XHsyvSTOD3T7PxspO6gsaXVUJbHjY4x2FlKcs3MgJmS9q6rOCgsMt-fKwYArNbdvgjxPZr2zE35GnV0uOAIllJpHWOQ |
request | POST http://193.42.32.118/api/firegate.php |
request | POST http://45.15.156.229/api/firegate.php |
description | WWW14_64.exe tried to sleep 193 seconds, actually delayed analysis time by 193 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmblappgoiilbgafhjklehhfifbdocee |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
name | RT_ICON | language | LANG_JAPANESE | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_DEFAULT | offset | 0x00f1d368 | size | 0x00000468 |
name | RT_GROUP_ICON | language | LANG_JAPANESE | filetype | data | sublanguage | SUBLANG_DEFAULT | offset | 0x00f1d7d0 | size | 0x0000005a |
domain | ipinfo.io |
file | C:\Users\test22\Pictures\Minor Policy\z0cXWJOzi1YW10CuQRQjMRie.exe |
file | C:\Users\test22\Pictures\Minor Policy\Qsk2lEb1POrkiATkW1TvHjJx.exe |
file | C:\Users\test22\Pictures\Minor Policy\o2mnUNqs4hnoxF2fH15yb1Si.exe |
file | C:\Users\test22\Pictures\Minor Policy\nbHH0jE8qZJ4tNguvouaT8ug.exe |
file | C:\Users\test22\Pictures\Minor Policy\0Sg4p2isyE32UOnHiUlFNypw.exe |
file | C:\Users\test22\Pictures\Minor Policy\9gJPiBlAGORHTZJCQ72APR4K.exe |
file | C:\Users\test22\Pictures\Minor Policy\jO0KmIb4n4ZjS9AOGznw9fMl.exe |
file | C:\Users\test22\Pictures\Minor Policy\4UQYE4n3ZYac371Rz_QX1L7n.exe |
file | C:\Users\test22\Pictures\Minor Policy\OBFJzEOXCKuSMiLDIstThHOE.exe |
file | C:\Users\test22\Pictures\Minor Policy\ldEQBC8aeCgL1Jw4jA1tloQg.exe |
file | C:\Users\test22\Pictures\Minor Policy\cikl6UFkXU4cZQ6sFNhet5qr.exe |
file | C:\Users\test22\Pictures\Minor Policy\LCfgNNO96dWppNu7PMj50Yzc.exe |
file | C:\Users\test22\Pictures\Minor Policy\rRBwy4sa0uuFBL7ETAy2ubW2.exe |
file | C:\Users\test22\Pictures\Minor Policy\ZcWmEJj67YVTAJcMEmzlUq_H.exe |
cmdline | regsvr32 -s F652w.85 |
cmdline | "C:\Windows\System32\regsvr32.exe" -s F652w.85 |
file | C:\Users\test22\AppData\Local\Temp\F652w.85 |