Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 26, 2024, 9 a.m. | Jan. 26, 2024, 9:02 a.m. |
Process | Command line | PID |
---|---|---|
schtasks.exe | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST | 2432 |
schtasks.exe | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST | 2540 |
KUrJTQEsIHMvAcabBVxa.exe | "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\KUrJTQEsIHMvAcabBVxa.exe" | 2708 |
iexplore.exe | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2760 CREDAT:145409 | 2840 |
EOhQhAkcbWTB_T1v1y_S.exe | "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\EOhQhAkcbWTB_T1v1y_S.exe" | 804 |
schtasks.exe | "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F | 2460 |
stan.exe | "C:\Users\test22\AppData\Local\Temp\1000609001\stan.exe" | 1664 |
installs.exe | "C:\Users\test22\AppData\Local\Temp\1000629001\installs.exe" | 2976 |
fsdfsfsfs.exe | "C:\Users\test22\AppData\Local\Temp\1000630001\fsdfsfsfs.exe" | 2108 |
MRK.exe | "C:\Users\test22\AppData\Local\Temp\1000631001\MRK.exe" | 2060 |
sadsadsadsa.exe | "C:\Users\test22\AppData\Local\Temp\1000632001\sadsadsadsa.exe" | 2992 |
Atqumy.exe | "C:\Users\test22\AppData\Local\Temp\1000634001\Atqumy.exe" | 2660 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main | 3128 |
chcp.com | chcp 1251 | 3684 |
schtasks.exe | schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\test22\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F | 3756 |
nshDAD7.tmp | C:\Users\test22\AppData\Local\Temp\nshDAD7.tmp | 2368 |
toolspub1.exe | "C:\Users\test22\AppData\Local\Temp\toolspub1.exe" | 3312 |
moto.exe | "C:\Users\test22\AppData\Local\Temp\1000639001\moto.exe" | 3824 |
crypted.exe | "C:\Users\test22\AppData\Local\Temp\1000640001\crypted.exe" | 1464 |
2024.exe | "C:\Users\test22\AppData\Local\Temp\1000641001\2024.exe" | 3212 |
alex.exe | "C:\Users\test22\AppData\Local\Temp\1000642001\alex.exe" | 3372 |
RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | 2620 |
txBA3rlC1VaXg6uHQQD1.exe | "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\txBA3rlC1VaXg6uHQQD1.exe" | 2028 |
Q2lP3WOPFRddpU6U21z0.exe | "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\Q2lP3WOPFRddpU6U21z0.exe" | 2868 |
K5hUVnj3aMwtC3i_NpaY.exe | "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\K5hUVnj3aMwtC3i_NpaY.exe" | 2524 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
Name | Response | Post-Analysis Lookup |
---|---|---|
accounts.google.com | 142.250.157.84 | |
ipinfo.io | 34.117.186.192 | |
www.google.com | 142.250.76.132 | |
ssl.gstatic.com | 142.250.76.131 | |
pool.hashvault.pro | 142.202.242.43 | |
db-ip.com | 172.67.75.166 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 104.26.4.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.103:49187 142.251.170.84:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=accounts.google.com | e9:00:f4:02:db:2e:43:07:4d:00:d0:33:77:6d:2b:38:28:c5:a2:b6 |
TLSv1 192.168.56.103:49198 142.250.66.36:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 3a:23:7a:7e:16:ae:ac:26:15:62:07:69:2e:e7:ad:8f:9d:b5:90:b7 |
TLSv1 192.168.56.103:49186 142.251.170.84:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=accounts.google.com | e9:00:f4:02:db:2e:43:07:4d:00:d0:33:77:6d:2b:38:28:c5:a2:b6 |
TLSv1 192.168.56.103:49189 216.58.203.67:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 4c:e1:1e:e3:63:49:81:bb:f5:53:ce:44:91:07:8a:14:84:70:7f:66 |
TLSv1 192.168.56.103:49188 216.58.203.67:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 4c:e1:1e:e3:63:49:81:bb:f5:53:ce:44:91:07:8a:14:84:70:7f:66 |
TLSv1 192.168.56.103:49209 104.26.4.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.103:49199 142.250.66.36:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 3a:23:7a:7e:16:ae:ac:26:15:62:07:69:2e:e7:ad:8f:9d:b5:90:b7 |
TLS 1.3 192.168.56.103:49241 125.253.92.50:80 | None | None | None |
TLSv1 192.168.56.103:49234 104.26.4.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | C:\Program Files\Mozilla Firefox\firefox.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://109.107.182.3/cost/ko.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://109.107.182.3/cost/ko.exe |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://185.215.113.68/mine/amers.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://185.215.113.68/mine/amers.exe |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://109.107.182.3/cost/niks.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://109.107.182.3/cost/niks.exe |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://185.215.113.68/theme/index.php |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://109.107.182.3/cost/vinu.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://109.107.182.3/cost/vinu.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.68/mine/stan.exe |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://109.107.182.3/cost/networa.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://109.107.182.3/cost/networa.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/installs.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/fsdfsfsfs.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.68/theme/Plugins/cred64.dll |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/MRK.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/sadsadsadsa.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/Atqumy.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.172.128.19/latestrocki.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.68/theme/Plugins/clip64.dll |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/moto.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.90/cpa/ping.php?substr=seven&s=ab |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/crypted.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/2024.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/alex.exe |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://109.107.182.3/lego/rdx1122.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.109/syncUpd.exe |
request | HEAD http://109.107.182.3/cost/ko.exe |
request | GET http://109.107.182.3/cost/ko.exe |
request | HEAD http://185.215.113.68/mine/amers.exe |
request | GET http://185.215.113.68/mine/amers.exe |
request | HEAD http://109.107.182.3/cost/niks.exe |
request | GET http://109.107.182.3/cost/niks.exe |
request | POST http://185.215.113.68/theme/index.php |
request | HEAD http://109.107.182.3/cost/vinu.exe |
request | GET http://109.107.182.3/cost/vinu.exe |
request | GET http://185.215.113.68/mine/stan.exe |
request | HEAD http://109.107.182.3/cost/networa.exe |
request | GET http://109.107.182.3/cost/networa.exe |
request | GET http://109.107.182.3/lego/installs.exe |
request | GET http://109.107.182.3/lego/fsdfsfsfs.exe |
request | GET http://185.215.113.68/theme/Plugins/cred64.dll |
request | GET http://109.107.182.3/lego/MRK.exe |
request | GET http://109.107.182.3/lego/sadsadsadsa.exe |
request | GET http://109.107.182.3/lego/Atqumy.exe |
request | GET http://185.172.128.19/latestrocki.exe |
request | GET http://185.215.113.68/theme/Plugins/clip64.dll |
request | GET http://109.107.182.3/lego/moto.exe |
request | GET http://185.172.128.90/cpa/ping.php?substr=seven&s=ab |
request | GET http://109.107.182.3/lego/crypted.exe |
request | GET http://109.107.182.3/lego/2024.exe |
request | GET http://109.107.182.3/lego/alex.exe |
request | GET http://109.107.182.3/lego/rdx1122.exe |
request | GET http://185.172.128.109/syncUpd.exe |
request | GET https://db-ip.com/demo/home.php?s=175.208.134.152 |
request | GET https://accounts.google.com/ |
request | GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F |
request | GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3H8r8UWuhQ6m2JhTn_UJWtMXXOP18B2sMD6q0yM1EirdCpLoeYafxU7OnBJOlDJRzgLznF |
request | GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp1cKQEpRqzJgd1mJyXaQDg8g6EPaDZyF3Iq1LCz13B1O_GRb-DpHv1Q3bMHBt1iGhMePExXmg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-435268675%3A1706227291300357 |
request | GET https://accounts.google.com/_/bscframe |
request | GET https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png |
request | GET https://accounts.google.com/favicon.ico |
request | GET https://accounts.google.com/generate_204?Gfi3rg |
request | GET https://www.google.com/favicon.ico |
request | POST http://185.215.113.68/theme/index.php |
description | explorhe.exe tried to sleep 238 seconds, actually delayed analysis time by 238 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Sync Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\bgpipimickeadkjlklgciifhnalhdjhe\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Sync Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\epapihdplajcdnnkdeiahlgigofloibg\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Sync Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Sync Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Sync Extension Settings\jnkelfanjkeadonecabehalmbgpfodjm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Sync Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Sync Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Sync Extension Settings\fhilaheimglignddkjgofkcbgekhenbh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Sync Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Sync Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Sync Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm\CURRENT |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\1000609001\stan.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\Q2lP3WOPFRddpU6U21z0.exe |
file | C:\Users\test22\AppData\Local\Temp\nsaD6BF.tmp\INetC.dll |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\txBA3rlC1VaXg6uHQQD1.exe |
file | C:\Users\test22\AppData\Local\Temp\1000630001\fsdfsfsfs.exe |
file | C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll |
file | C:\Users\test22\AppData\Local\Temp\1000640001\crypted.exe |
file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
file | C:\Users\test22\AppData\Local\Temp\1000631001\MRK.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\K5hUVnj3aMwtC3i_NpaY.exe |
file | C:\Users\test22\AppData\Local\Temp\toolspub1.exe |
file | C:\Users\test22\AppData\Local\Temp\1000642001\alex.exe |
file | C:\Users\test22\AppData\Roaming\Temp\Task.bat |
file | C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll |
file | C:\Users\test22\AppData\Local\Temp\1000636001\latestrocki.exe |
file | C:\Users\test22\AppData\Local\Temp\1000643001\rdx1122.exe |
file | C:\Users\test22\AppData\Local\Temp\1000639001\moto.exe |
file | C:\Users\test22\AppData\Local\Temp\1000634001\Atqumy.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\EOhQhAkcbWTB_T1v1y_S.exe |
file | C:\Users\test22\AppData\Local\Temp\InstallSetup7.exe |
file | C:\Users\test22\AppData\Local\Temp\1000641001\2024.exe |
file | C:\Users\test22\AppData\Local\Temp\1000632001\sadsadsadsa.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\KUrJTQEsIHMvAcabBVxa.exe |
file | C:\Users\test22\AppData\Local\Temp\1000629001\installs.exe |
cmdline | schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\test22\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F |
cmdline | "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F |
cmdline | SCHTASKS /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F |
cmdline | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\KUrJTQEsIHMvAcabBVxa.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\txBA3rlC1VaXg6uHQQD1.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\Q2lP3WOPFRddpU6U21z0.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\K5hUVnj3aMwtC3i_NpaY.exe |
file | C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe |
file | C:\Users\test22\AppData\Local\Temp\1000609001\stan.exe |
file | C:\Users\test22\AppData\Local\Temp\1000629001\installs.exe |
file | C:\Users\test22\AppData\Local\Temp\1000630001\fsdfsfsfs.exe |
file | C:\Users\test22\AppData\Local\Temp\1000631001\MRK.exe |
file | C:\Users\test22\AppData\Local\Temp\1000632001\sadsadsadsa.exe |
file | C:\Users\test22\AppData\Local\Temp\1000634001\Atqumy.exe |
file | C:\Users\test22\AppData\Local\Temp\1000636001\latestrocki.exe |
file | C:\Users\test22\AppData\Local\Temp\1000640001\crypted.exe |
file | C:\Users\test22\AppData\Local\Temp\1000641001\2024.exe |
file | C:\Users\test22\AppData\Local\Temp\1000642001\alex.exe |
file | C:\Users\test22\AppData\Local\Temp\1000643001\rdx1122.exe |
file | C:\Users\test22\AppData\Local\Temp\InstallSetup7.exe |
file | C:\Users\test22\AppData\Local\Temp\toolspub1.exe |
file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\clip64[1].dll |
file | C:\Users\test22\AppData\Local\Temp\1000642001\alex.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\KUrJTQEsIHMvAcabBVxa.exe |
file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
file | C:\Users\test22\AppData\Local\Temp\1000636001\latestrocki.exe |
file | C:\Users\test22\AppData\Local\Temp\1000631001\MRK.exe |
file | C:\Users\test22\AppData\Local\Temp\1000632001\sadsadsadsa.exe |
file | C:\Users\test22\AppData\Local\Temp\1000629001\installs.exe |
file | C:\Users\test22\AppData\Local\Temp\toolspub1.exe |
file | C:\Users\test22\AppData\Local\Temp\InstallSetup7.exe |
file | C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe |
file | C:\Users\test22\AppData\Local\Temp\1000641001\2024.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUPUI.DLL |
file | C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe |
file | C:\Users\test22\AppData\Local\Temp\nshDAD7.tmp |
file | C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUP.DLL |
file | C:\Users\test22\AppData\Local\Temp\1000643001\rdx1122.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\txBA3rlC1VaXg6uHQQD1.exe |
file | C:\Users\test22\AppData\Local\Temp\1000640001\crypted.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUP.DLL |
file | C:\Users\test22\AppData\Local\Temp\Setup000023ac\ose00000.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup00000994\ose00000.exe |
file | C:\Users\test22\AppData\Local\Temp\rost.exe |
file | C:\Users\test22\AppData\Local\Temp\1000609001\stan.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\Q2lP3WOPFRddpU6U21z0.exe |
file | C:\Users\test22\AppData\Local\Temp\nsaD6BF.tmp\INetC.dll |
file | C:\Users\test22\AppData\Local\Temp\1000630001\fsdfsfsfs.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUPUI.DLL |
file | C:\Users\test22\AppData\Local\Temp\1000634001\Atqumy.exe |
file | C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\K5hUVnj3aMwtC3i_NpaY.exe |