Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 20, 2023, 9:43 a.m.	Nov. 20, 2023, 9:50 a.m.

Size	61.7MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`2547fc421a8ce77e333e88f4f87be833`
SHA256	`9e8143951a098ea6ce5959d1b8c24af47e272af8f5e9843bfc98fef84899f2b7`
CRC32	`07B699B6`
ssdeep	`1572864:fm6gYMf9wxvEfHPC3UnuEeXd/gfmDSBMc/aeX3Rfl2lA60EAJ:u6gYo9wlEfHPC3/QmDSBMc/aexfl2e6I`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer ftp_command - ftp command UPX_Zero - UPX packed file

UnityGameHandler.exe "C:\Users\test22\AppData\Local\Temp\UnityGameHandler.exe"
2068
- UnityGameHandler.exe C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\UnityGameHandler.exe
  2480
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (9 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 20, 2023, 9:36 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:36 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0
IsDebuggerPresent Nov. 20, 2023, 9:37 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 20, 2023, 9:43 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Nov. 20, 2023, 9:37 a.m.	stacktrace: RtlUnhandledExceptionFilter+0x2d2 LdrQueryModuleServiceTags-0x6e ntdll+0xc40f2 @ 0x777840f2 EtwEnumerateProcessRegGuids+0x216 RtlTraceDatabaseLock-0x2a ntdll+0xc4736 @ 0x77784736 RtlQueryProcessLockInformation+0x972 RtlTraceDatabaseEnumerate-0xe ntdll+0xc5942 @ 0x77785942 RtlLogStackBackTrace+0x444 RtlTraceDatabaseCreate-0x4ec ntdll+0xc75f4 @ 0x777875f4 RtlLogStackBackTrace+0x828 RtlTraceDatabaseCreate-0x108 ntdll+0xc79d8 @ 0x777879d8 MD5Final+0x9cb0 TpDbgSetLogRoutine-0x6920 ntdll+0x9c280 @ 0x7775c280 RtlSubAuthorityCountSid+0xcc8 RtlCompareUnicodeStrings-0x4b8 ntdll+0x31df8 @ 0x776f1df8 RtlSubAuthorityCountSid+0xb50 RtlCompareUnicodeStrings-0x630 ntdll+0x31c80 @ 0x776f1c80 RtlAllocateHeap+0x178 AlpcGetMessageAttribute-0x14e8 ntdll+0x53518 @ 0x77713518 RtlUpcaseUnicodeChar+0x342 EtwEventEnabled-0x12e ntdll+0x2bf82 @ 0x776ebf82 RtlQueryEnvironmentVariable+0x70c _wcsicmp-0x744 ntdll+0x2623c @ 0x776e623c RtlAllocateHeap+0xe8 AlpcGetMessageAttribute-0x1578 ntdll+0x53488 @ 0x77713488 I_RpcGetBufferWithObject+0x2cf I_RpcNegotiateTransferSyntax-0x1241 rpcrt4+0x4868f @ 0x7fefdf6868f NdrConformantStringUnmarshall+0x80a NdrConformantArrayUnmarshall-0x196 rpcrt4+0x4091a @ 0x7fefdf6091a I_RpcBindingCopy+0x55 I_RpcClearMutex-0x6ab rpcrt4+0x4e9e5 @ 0x7fefdf6e9e5 NDRCContextBinding+0x146b I_RpcBindingCopy-0x45 rpcrt4+0x4e94b @ 0x7fefdf6e94b NDRCContextBinding+0x1034 I_RpcBindingCopy-0x47c rpcrt4+0x4e514 @ 0x7fefdf6e514 Ndr64AsyncClientCall+0x49e NdrClientCall3-0xb32 rpcrt4+0xdc2fe @ 0x7fefdffc2fe Ndr64AsyncClientCall+0xe76 NdrClientCall3-0x15a rpcrt4+0xdccd6 @ 0x7fefdffccd6 NdrClientCall3+0xf5 Ndr64AsyncServerCall64-0x1c9b rpcrt4+0xdcf25 @ 0x7fefdffcf25 NdrFullPointerQueryPointer+0x2e2 NdrDllCanUnloadNow-0x5fe rpcrt4+0x22852 @ 0x7fefdf42852 RpcBindingInqAuthInfoExW+0x1216 TowerConstruct-0x45a rpcrt4+0x377b6 @ 0x7fefdf577b6 RpcBindingInqAuthInfoExW+0x1059 TowerConstruct-0x617 rpcrt4+0x375f9 @ 0x7fefdf575f9 RpcBindingInqAuthInfoExW+0xf9b TowerConstruct-0x6d5 rpcrt4+0x3753b @ 0x7fefdf5753b RpcBindingInqAuthInfoExW+0xea9 TowerConstruct-0x7c7 rpcrt4+0x37449 @ 0x7fefdf57449 RpcBindingInqAuthInfoExW+0xd17 TowerConstruct-0x959 rpcrt4+0x372b7 @ 0x7fefdf572b7 RpcMgmtSetComTimeout+0xae NdrConformantStringMemorySize-0x682 rpcrt4+0x3804e @ 0x7fefdf5804e NdrByteCountPointerUnmarshall+0xa0c RpcStringFreeW-0xa4 rpcrt4+0x3941c @ 0x7fefdf5941c I_RpcNegotiateTransferSyntax+0xab RpcAsyncRegisterInfo-0x1995 rpcrt4+0x4997b @ 0x7fefdf6997b Ndr64AsyncClientCall+0xa23 NdrClientCall3-0x5ad rpcrt4+0xdc883 @ 0x7fefdffc883 Ndr64AsyncClientCall+0xc9b NdrClientCall3-0x335 rpcrt4+0xdcafb @ 0x7fefdffcafb NdrClientCall3+0xf5 Ndr64AsyncServerCall64-0x1c9b rpcrt4+0xdcf25 @ 0x7fefdffcf25 WscGetSecurityProviderHealth+0x903 wscapi+0x704b @ 0x7fef53b704b RtlLookupEntryHashTable+0x341 RtlDeregisterWaitEx-0x1bf ntdll+0xc271 @ 0x776cc271 TpReleaseIoCompletion+0x84c TpDisassociateCallback-0x374 ntdll+0x1656c @ 0x776d656c RtlRealSuccessor+0x136 TpCallbackMayRunLong-0x65a ntdll+0x20c26 @ 0x776e0c26 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: eb 00 48 8b 9c 24 d0 00 00 00 48 81 c4 c0 00 00 exception.symbol: RtlUnhandledExceptionFilter+0x2d2 LdrQueryModuleServiceTags-0x6e ntdll+0xc40f2 exception.instruction: jmp 0x777840f4 exception.module: ntdll.dll exception.exception_code: 0xc0000374 exception.offset: 803058 exception.address: 0x777840f2 registers.r14: 0 registers.r15: 0 registers.rcx: 73913664 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 73924512 registers.r11: 646 registers.r8: 3668801806742034531 registers.r9: 1460712879 registers.rdx: 2004857936 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1930982254 registers.r13: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Nov. 20, 2023, 9:37 a.m.

stacktrace:

RtlUnhandledExceptionFilter+0x2d2 LdrQueryModuleServiceTags-0x6e ntdll+0xc40f2 @ 0x777840f2
EtwEnumerateProcessRegGuids+0x216 RtlTraceDatabaseLock-0x2a ntdll+0xc4736 @ 0x77784736
RtlQueryProcessLockInformation+0x972 RtlTraceDatabaseEnumerate-0xe ntdll+0xc5942 @ 0x77785942
RtlLogStackBackTrace+0x444 RtlTraceDatabaseCreate-0x4ec ntdll+0xc75f4 @ 0x777875f4
RtlLogStackBackTrace+0x828 RtlTraceDatabaseCreate-0x108 ntdll+0xc79d8 @ 0x777879d8
MD5Final+0x9cb0 TpDbgSetLogRoutine-0x6920 ntdll+0x9c280 @ 0x7775c280
RtlSubAuthorityCountSid+0xcc8 RtlCompareUnicodeStrings-0x4b8 ntdll+0x31df8 @ 0x776f1df8
RtlSubAuthorityCountSid+0xb50 RtlCompareUnicodeStrings-0x630 ntdll+0x31c80 @ 0x776f1c80
RtlAllocateHeap+0x178 AlpcGetMessageAttribute-0x14e8 ntdll+0x53518 @ 0x77713518
RtlUpcaseUnicodeChar+0x342 EtwEventEnabled-0x12e ntdll+0x2bf82 @ 0x776ebf82
RtlQueryEnvironmentVariable+0x70c _wcsicmp-0x744 ntdll+0x2623c @ 0x776e623c
RtlAllocateHeap+0xe8 AlpcGetMessageAttribute-0x1578 ntdll+0x53488 @ 0x77713488
I_RpcGetBufferWithObject+0x2cf I_RpcNegotiateTransferSyntax-0x1241 rpcrt4+0x4868f @ 0x7fefdf6868f
NdrConformantStringUnmarshall+0x80a NdrConformantArrayUnmarshall-0x196 rpcrt4+0x4091a @ 0x7fefdf6091a
I_RpcBindingCopy+0x55 I_RpcClearMutex-0x6ab rpcrt4+0x4e9e5 @ 0x7fefdf6e9e5
NDRCContextBinding+0x146b I_RpcBindingCopy-0x45 rpcrt4+0x4e94b @ 0x7fefdf6e94b
NDRCContextBinding+0x1034 I_RpcBindingCopy-0x47c rpcrt4+0x4e514 @ 0x7fefdf6e514
Ndr64AsyncClientCall+0x49e NdrClientCall3-0xb32 rpcrt4+0xdc2fe @ 0x7fefdffc2fe
Ndr64AsyncClientCall+0xe76 NdrClientCall3-0x15a rpcrt4+0xdccd6 @ 0x7fefdffccd6
NdrClientCall3+0xf5 Ndr64AsyncServerCall64-0x1c9b rpcrt4+0xdcf25 @ 0x7fefdffcf25
NdrFullPointerQueryPointer+0x2e2 NdrDllCanUnloadNow-0x5fe rpcrt4+0x22852 @ 0x7fefdf42852
RpcBindingInqAuthInfoExW+0x1216 TowerConstruct-0x45a rpcrt4+0x377b6 @ 0x7fefdf577b6
RpcBindingInqAuthInfoExW+0x1059 TowerConstruct-0x617 rpcrt4+0x375f9 @ 0x7fefdf575f9
RpcBindingInqAuthInfoExW+0xf9b TowerConstruct-0x6d5 rpcrt4+0x3753b @ 0x7fefdf5753b
RpcBindingInqAuthInfoExW+0xea9 TowerConstruct-0x7c7 rpcrt4+0x37449 @ 0x7fefdf57449
RpcBindingInqAuthInfoExW+0xd17 TowerConstruct-0x959 rpcrt4+0x372b7 @ 0x7fefdf572b7
RpcMgmtSetComTimeout+0xae NdrConformantStringMemorySize-0x682 rpcrt4+0x3804e @ 0x7fefdf5804e
NdrByteCountPointerUnmarshall+0xa0c RpcStringFreeW-0xa4 rpcrt4+0x3941c @ 0x7fefdf5941c
I_RpcNegotiateTransferSyntax+0xab RpcAsyncRegisterInfo-0x1995 rpcrt4+0x4997b @ 0x7fefdf6997b
Ndr64AsyncClientCall+0xa23 NdrClientCall3-0x5ad rpcrt4+0xdc883 @ 0x7fefdffc883
Ndr64AsyncClientCall+0xc9b NdrClientCall3-0x335 rpcrt4+0xdcafb @ 0x7fefdffcafb
NdrClientCall3+0xf5 Ndr64AsyncServerCall64-0x1c9b rpcrt4+0xdcf25 @ 0x7fefdffcf25
WscGetSecurityProviderHealth+0x903 wscapi+0x704b @ 0x7fef53b704b
RtlLookupEntryHashTable+0x341 RtlDeregisterWaitEx-0x1bf ntdll+0xc271 @ 0x776cc271
TpReleaseIoCompletion+0x84c TpDisassociateCallback-0x374 ntdll+0x1656c @ 0x776d656c
RtlRealSuccessor+0x136 TpCallbackMayRunLong-0x65a ntdll+0x20c26 @ 0x776e0c26
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: eb 00 48 8b 9c 24 d0 00 00 00 48 81 c4 c0 00 00
exception.symbol: RtlUnhandledExceptionFilter+0x2d2 LdrQueryModuleServiceTags-0x6e ntdll+0xc40f2
exception.instruction: jmp 0x777840f4
exception.module: ntdll.dll
exception.exception_code: 0xc0000374
exception.offset: 803058
exception.address: 0x777840f2
registers.r14: 0
registers.r15: 0
registers.rcx: 73913664
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 73924512
registers.r11: 646
registers.r8: 3668801806742034531
registers.r9: 1460712879
registers.rdx: 2004857936
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1930982254
registers.r13: 0

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 20, 2023, 9:43 a.m.	process_identifier: 2068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741e5000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Nov. 20, 2023, 9:36 a.m.	process_identifier: 1236 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000045d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Creates executable files on the filesystem (13 events)

file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\StdUtils.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\libGLESv2.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\swiftshader\libEGL.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\ffmpeg.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\resources\elevate.exe
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\vk_swiftshader.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\swiftshader\libGLESv2.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\d3dcompiler_47.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\libEGL.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\vulkan-1.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\nsis7z.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\UnityGameHandler.exe

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\nsis7z.dll
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\resources\elevate.exe
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\StdUtils.dll

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Alibaba	TrojanPSW:Win32/Stealer.84bdd51f
Kaspersky	Trojan-PSW.Win32.Stealer.butm
Avast	FileRepMalware
Microsoft	Trojan:Win32/Stealer!MSR
ZoneAlarm	Trojan-PSW.Win32.Stealer.butm
Tencent	Win32.Trojan-QQPass.QQRob.Tnkl
AVG	FileRepMalware

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Nov. 20, 2023, 9:43 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1	0

Drops 60 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 60 events)

file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\en-GB.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\chrome_200_percent.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\resources\app.asar
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\da.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\fr.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\hr.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\sw.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\en-US.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\th.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\ru.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\es-419.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\pl.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\es.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\fi.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\te.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\pt-PT.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\lv.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\hi.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\tr.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\snapshot_blob.bin
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\he.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\resources.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\icudtl.dat
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\de.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\sv.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\vi.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\bg.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\nl.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\bn.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\ro.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\ja.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\et.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\pt-BR.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\gu.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\ms.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\fil.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\ca.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\mr.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\ta.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\cs.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\kn.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\fa.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\nb.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\lt.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\sr.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\ml.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\hu.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\el.pak
file	C:\Users\test22\AppData\Local\Temp\2Xzk8dDP76g4Vz77ShAFBdkNkGA\locales\it.pak
file	C:\Users\test22\AppData\Local\Temp\nsuCBD7.tmp\7z-out\locales\uk.pak

UnityGameHandler.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All