Windows Analysis Report
SecuriteInfo.com.Adware.005af3651.12124.22502.exe

Overview

General Information

Sample name: SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Analysis ID: 1427002
MD5: 4c7fc3ea97b821d36545c3957b2d0da2
SHA1: fe1d2a4867e4ac58d7f06857c6d506b16879ee40
SHA256: 6de058a8f8cba3bcec77779e831796f64a46ebccecc4f01d22179e78b6f7ef2f
Tags: exe

Detection

Score: 13
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Windows shortcut file (LNK) contains suspicious command line arguments
Drops PE files
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries keyboard layouts
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Local\Links\InstalledLinks.txt
Source: unknown HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Joe Sandbox View IP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown DNS query: name: ipinfo.io
Source: global traffic HTTP traffic detected:
    GET /country HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: ipinfo.io
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: ipinfo.io
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000221A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000000.1988553315.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.dr String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000000.1988553315.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.dr String found in binary or memory: http://www.remobjects.com/ps
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117781167.000000000063A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AEC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/country
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117781167.000000000063A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/countryry
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003B08000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stvkr.com/click-
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003B08000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://terra.im/gl/?cid=$
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.0000000002374000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.00000000023AB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://terra.im/gl/?cid=&oid=$
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000236B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=$
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Atomic Heart.lnk.1.dr, Atomic Heart.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000233E000.00000004.00001000.00020000.00000000.sdmp, Battle Teams.lnk0.1.dr, Battle Teams.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.00000000022E6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=testt
Source: Blood and Soul.lnk0.1.dr, Blood and Soul.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash=
Source: War Thunder.lnk.1.dr, War Thunder.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, World of Tanks.lnk0.1.dr, World of Tanks.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash=
Source: Warface.lnk.1.dr, Warface.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, World of Warships.lnk.1.dr, World of Warships.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash=
Source: Aliexpress.lnk0.1.dr, Aliexpress.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, ArcheAge.lnk.1.dr, ArcheAge.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash=
Source: Crossout.lnk.1.dr, Crossout.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash=
Source: Enlisted.lnk0.1.dr, Enlisted.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Perfect World.lnk0.1.dr, Perfect World.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash=
Source: Rail Nation.lnk.1.dr, Rail Nation.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash=
Source: Lost Ark.lnk0.1.dr, Lost Ark.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash=
Source: Caliber.lnk0.1.dr, Caliber.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash=
Source: ???????? ??????? ???????.lnk0.1.dr, ???????? ??????? ???????.lnk.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000002.2118833941.00000000032CE000.00000004.00000020.00020000.00000000.sdmp, ???????? ?????? Steam.lnk.1.dr, ???????? ?????? Steam.lnk0.1.dr String found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash=
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
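The network findings above show the installer fetching https://ipinfo.io/country over TLS 1.2 to 34.117.186.192, with the User-Agent "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)". That string is the default User-Agent of the WinHttpRequest COM object, not a browser, and the request is the usual shape of a country check an installer makes before deciding which offers or shortcuts to drop. The following is an added detection example, not part of the Joe Sandbox report: it scores proxy/TLS records, treating a geo-IP lookup from a WinHttpRequest client as the strong signal and the report's destination IP and JA3 as weak corroboration only, because 34.117.186.192 is a shared cloud front-end and a0e9f5d64349fb13191bc781f81f42e1 is the Windows Schannel fingerprint many legitimate programs produce. The JSON log lines, timestamps and the second JA3 value are constructed for this example; the function and constant names are chosen here.

```python
"""Added detection example over constructed HTTP/TLS proxy records for the
geo-IP country lookup this installer performs. Strong signal: a request to a
geo-IP service from the WinHttpRequest COM client. Weak signals: the report's
destination IP and JA3, both shared by much legitimate Windows traffic."""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

GEOIP_HOSTS = {"ipinfo.io"}                        # extend with other geo-IP services you observe
GEOIP_PATH_PREFIXES = ("/country", "/json", "/ip")
WINHTTP_UA_MARKER = "WinHttp.WinHttpRequest"       # default UA of the WinHttpRequest COM object
REPORT_JA3 = "a0e9f5d64349fb13191bc781f81f42e1"    # from the report; generic Windows Schannel JA3
REPORT_DST_IP = "34.117.186.192"                   # from the report; shared cloud front-end for ipinfo.io


@dataclass
class Alert:
    ts: str
    src: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def score_record(rec: Dict[str, str]) -> Optional[Alert]:
    """Score one proxy record. Returns None when nothing matches; 'medium' only
    when a geo-IP lookup comes from the WinHttpRequest client, otherwise 'low'."""
    reasons: List[str] = []
    host = rec.get("host", "").lower()
    uri = rec.get("uri", "")
    ua = rec.get("user_agent", "")
    geo_lookup = host in GEOIP_HOSTS and uri.startswith(GEOIP_PATH_PREFIXES)
    winhttp_client = WINHTTP_UA_MARKER in ua
    if geo_lookup:
        reasons.append(f"geo-IP lookup {host}{uri}")
    if winhttp_client:
        reasons.append("WinHttpRequest default User-Agent (COM/scripted client, not a browser)")
    if rec.get("ja3") == REPORT_JA3:
        reasons.append("JA3 matches report (weak: shared Windows Schannel fingerprint)")
    if rec.get("dst") == REPORT_DST_IP:
        reasons.append("destination IP matches report (weak: shared cloud front-end)")
    if not reasons:
        return None
    severity = "medium" if geo_lookup and winhttp_client else "low"
    return Alert(rec.get("ts", ""), rec.get("src", ""), severity, reasons)


def run_detection(log_lines: List[str]) -> List[Alert]:
    """Parse one JSON record per line and return the records that alert."""
    alerts: List[Alert] = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        alert = score_record(json.loads(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample log (one JSON object per line). The first record mirrors the
# request, destination IP and JA3 listed in the report; the others are ordinary
# traffic. Timestamps, the browser JA3 and the third record are made up.
SAMPLE_LOG = [
    json.dumps({"ts": "2024-04-12T10:00:01Z", "src": "192.168.2.5", "dst": "34.117.186.192",
                "host": "ipinfo.io", "uri": "/country",
                "user_agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
                "ja3": "a0e9f5d64349fb13191bc781f81f42e1"}),
    json.dumps({"ts": "2024-04-12T10:05:00Z", "src": "192.168.2.7", "dst": "34.117.186.192",
                "host": "ipinfo.io", "uri": "/json",
                "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0",
                "ja3": "11111111111111111111111111111111"}),
    json.dumps({"ts": "2024-04-12T10:06:00Z", "src": "192.168.2.8", "dst": "93.184.216.34",
                "host": "example.com", "uri": "/", "user_agent": "curl/8.5.0", "ja3": "0"}),
]

if __name__ == "__main__":
    for a in run_detection(SAMPLE_LOG):
        print(a.ts, a.src, a.severity, "; ".join(a.reasons))
```

The browser visit to ipinfo.io/json in the second record scores only "low" (it shares the destination IP and the geo-IP host but carries a browser User-Agent), which is the point of keeping the IP and JA3 as corroboration rather than as standalone indicators.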

System Summary

Source: World of Tanks.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash="
Source: World of Tanks.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash="
Source: World of Warships.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash="
Source: World of Warships.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash="
Source: Perfect World.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash="
Source: Perfect World.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash="
Source: ArcheAge.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash="
Source: ArcheAge.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash="
Source: Atomic Heart.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash="
Source: Atomic Heart.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash="
Source: Battle Teams.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash="
Source: Battle Teams.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash="
Source: Aliexpress.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash="
Source: Aliexpress.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash="
Source: Blood and Soul.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash="
Source: Blood and Soul.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash="
Source: Caliber.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash="
Source: Caliber.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash="
Source: Crossout.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash="
Source: Crossout.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash="
Source: Enlisted.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash="
Source: Enlisted.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash="
Source: Lost Ark.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash="
Source: Lost Ark.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash="
Source: ???????? ??????? ???????.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash="
Source: ???????? ??????? ???????.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash="
Source: Rail Nation.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash="
Source: Rail Nation.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash="
Source: ???????? ?????? Steam.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash="
Source: ???????? ?????? Steam.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash="
Source: War Thunder.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash="
Source: War Thunder.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash="
Source: Warface.lnk.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash="
Source: Warface.lnk0.1.dr LNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash="
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.0000000002503000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FE3F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: clean13.winEXE@3/77@1/1
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe File created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe Process created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp "C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp" /SL5="$1044A,1938865,172032,C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: winhttpcom.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: World of Tanks.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: World of Tanks.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: World of Warships.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: World of Warships.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Perfect World.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Perfect World.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: ArcheAge.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: ArcheAge.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Atomic Heart.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Atomic Heart.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Battle Teams.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Battle Teams.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Aliexpress.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Aliexpress.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Blood and Soul.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Blood and Soul.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Caliber.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Caliber.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Crossout.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Crossout.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Enlisted.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Enlisted.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Lost Ark.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Lost Ark.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: ???????? ??????? ???????.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: ???????? ??????? ???????.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Rail Nation.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Rail Nation.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: ???????? ?????? Steam.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: ???????? ?????? Steam.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: War Thunder.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: War Thunder.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Warface.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Warface.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
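Taken together, the two shortcut listings above describe one launcher pattern: every dropped .lnk has the relative target ..\..\..\Windows\system32\rundll32.exe (or the deeper ..\ form for the second copy) and the arguments url,OpenURL "https://yagoaway.ru/gl/?...". rundll32 loads url.dll and calls its OpenURL export, which hands the URL to the default browser, so each game-named Start Menu entry is an affiliate redirect rather than a program. The following is an added triage example, not part of the Joe Sandbox report: it parses the ShellLinkHeader and StringData of a shortcut per MS-SHLLINK, flags the rundll32.exe + url.dll,OpenURL combination and extracts the URL. The sample shortcut bytes are constructed with the build_lnk helper from the target and arguments the report lists for World of Tanks.lnk; the benign notepad.exe shortcut is hypothetical, and the function names are chosen here.

```python
"""Added example: minimal Shell Link (.lnk) triage per MS-SHLLINK. Parses the
ShellLinkHeader and StringData, then flags shortcuts whose target is
rundll32.exe and whose arguments use url.dll,OpenURL to open a URL, as the
Start Menu shortcuts in this report do. Sample bytes are constructed here."""
import re
import struct
import uuid
from typing import Dict

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) this parser honours; STRING_FIELDS is in
# the order the StringData entries appear in the file.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
HAS_RELATIVE_PATH, HAS_ARGUMENTS = 0x08, 0x20
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))

# rundll32 url[.dll],OpenURL <url>: rundll32 loads url.dll (LoadLibrary appends
# .dll when no extension is given) and calls OpenURL with the URL.
OPENURL_RE = re.compile(
    r'\burl(?:\.dll)?\s*,\s*OpenURL\s+"?(?P<url>https?://[^"\s]+)"?', re.IGNORECASE)


def parse_lnk(data: bytes) -> Dict[str, str]:
    """Return the StringData fields of a shortcut. Raises ValueError when the
    header is not a Shell Link. IDList and LinkInfo are skipped by their size
    fields; ExtraData blocks are not parsed."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: HeaderSize != 0x4C")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a shell link: LinkCLSID mismatch")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields: Dict[str, str] = {}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters
        pos += 2
        if flags & IS_UNICODE:
            fields[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[key] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def triage_lnk(data: bytes) -> Dict[str, object]:
    """Flag the rundll32.exe + url.dll,OpenURL launcher pattern and pull the URL."""
    f = parse_lnk(data)
    target, args = f.get("relative_path", ""), f.get("arguments", "")
    m = OPENURL_RE.search(args)
    return {
        "target": target,
        "arguments": args,
        "url": m.group("url") if m else None,
        "rundll32_openurl": target.lower().endswith("rundll32.exe") and m is not None,
    }


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Build a minimal Unicode shortcut (header + StringData + TerminalBlock).
    Only used to construct sample input for this example."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack(
        "<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID.bytes_le, flags,
        0x20,          # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,       # CreationTime, AccessTime, WriteTime
        0, 0, 1,       # FileSize, IconIndex, ShowCommand = SW_SHOWNORMAL
        0, 0, 0, 0)    # HotKey, Reserved1, Reserved2, Reserved3

    def sd(v: str) -> bytes:                     # one StringData entry
        return struct.pack("<H", len(v)) + v.encode("utf-16-le")

    body = sd(relative_path) + (sd(arguments) if arguments else b"")
    return header + body + b"\x00\x00\x00\x00"   # TerminalBlock (size < 4)


# Constructed samples: the first uses the target and arguments the report lists
# for "World of Tanks.lnk"; the second is a hypothetical benign shortcut.
SAMPLE_WOT_LNK = build_lnk(
    r"..\..\..\Windows\system32\rundll32.exe",
    'url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash="')
SAMPLE_BENIGN_LNK = build_lnk(r"..\..\..\Windows\system32\notepad.exe")

if __name__ == "__main__":
    print(triage_lnk(SAMPLE_WOT_LNK))
    print(triage_lnk(SAMPLE_BENIGN_LNK))
```

Real shortcuts also carry a LinkTargetIDList, LinkInfo and ExtraData; the parser skips the first two by their size fields and ignores ExtraData, so a shortcut whose target is given only in an EnvironmentVariableDataBlock shows an empty relative_path and must be inspected separately. To hunt on a host, run triage_lnk over every *.lnk under %APPDATA%\Microsoft\Windows\Start Menu (the drop location in this report) and the per-user Programs folder, and review anything that returns rundll32_openurl set.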
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe Static file information: File size 2362910 > 1048576
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe File created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Local\Links\InstalledLinks.txt
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Aliexpress.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Blood and Soul.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Caliber.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Enlisted.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Lost Ark.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ??????? ???????.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Rail Nation.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ?????? Steam.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Perfect World.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ArcheAge.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Atomic Heart.lnk
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Battle Teams.lnk
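The LNK entries earlier in this section (shortcuts whose stored target walks up the directory tree to rundll32.exe) and the File created entries above (an Inno Setup temp directory, its _setup64.tmp helper, and a batch of game and shopping shortcuts written straight into the user's Start Menu) are the two observations an analyst would want to correlate. The Python script below is an added example written for this page, not tooling from Joe Sandbox or from the sample's author. It parses report lines of the exact form shown here, counts how far each shortcut target traverses upward, flags targets that are living-off-the-land binaries, and matches them against the shortcuts the installer dropped into the Start Menu. Assumptions made here and not taken from the report: the LOLBin list beyond rundll32.exe, the reading of the `.lnk0` suffix as the sandbox's de-duplication of same-named dropped files, the Start Menu directory used when resolving the seven-level relative path, and the constructed "Example Launcher" control line; the other sample lines are copied from the report.

```python
"""Triage helper for Joe Sandbox-style behaviour lines (added example, not part of the report)."""
import ntpath
import re
from itertools import takewhile

# Binaries commonly abused as shortcut targets. Assumption for this example: the report
# itself only shows rundll32.exe; the rest are common LOLBins added for coverage.
LOLBIN_TARGETS = {
    "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "powershell.exe", "cmd.exe", "msiexec.exe",
}

# "Source: <name>.lnk[N].<process index>.dr LNK file: <relative target>"
LNK_RE = re.compile(
    r"^Source:\s+(?P<name>.+?\.lnk\d*)\.(?P<proc>\d+)\.dr\s+LNK file:\s+(?P<target>\S.*)$")
# "Source: <dropping process> File created: <path>"; trailing report link text is tolerated.
CREATED_RE = re.compile(
    r"^Source:\s+(?P<proc_path>\S+)\s+File created:\s+(?P<path>.+?)(?:\s+Jump to .*)?$")
# Inno Setup unpacks into %TEMP%\is-XXXXX.tmp\ (five alphanumerics), as seen in the report.
INNO_TMP_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\")
START_MENU_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\", re.IGNORECASE)

# Sample input: every line but the last is copied from the report above; the last one is a
# constructed benign control (not from the report) whose shortcut targets a launcher directly.
SAMPLE_REPORT_LINES = [
    r"Source: War Thunder.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe",
    r"Source: War Thunder.lnk0.1.dr LNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe",
    r"Source: Warface.lnk.1.dr LNK file: ..\..\..\Windows\system32\rundll32.exe",
    r"Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp"
    r" File created: C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmp",
    r"Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp"
    r" File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk",
    r"Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp"
    r" File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnk",
    r"Source: Example Launcher.lnk.1.dr LNK file: ..\..\..\Program Files\Example\launcher.exe",
]


def parse_lnk_target(target):
    """Return (number of leading '..' components, lower-cased target file name)."""
    parts = target.split("\\")
    depth = len(list(takewhile(lambda p: p == "..", parts)))
    return depth, parts[-1].lower()


def resolve_target(target, lnk_dir):
    """Resolve a relative LNK target against the directory the .lnk is assumed to live in."""
    return ntpath.normpath(ntpath.join(lnk_dir, target))


def canonical_lnk_name(name):
    """Strip the numeric suffix the sandbox appends to same-named dropped files ('x.lnk0' -> 'x.lnk').
    Assumption made for this example, based on the .lnk/.lnk0 pairs in the report."""
    return re.sub(r"(\.lnk)\d+$", r"\1", name, flags=re.IGNORECASE)


def triage(lines):
    """Classify report lines into LOLBin-targeting shortcuts, benign shortcuts,
    Start Menu shortcut drops and Inno Setup temp artifacts."""
    findings = {"lolbin_lnks": [], "benign_lnks": [], "start_menu_drops": [], "inno_setup_artifacts": []}
    for line in lines:
        m = LNK_RE.match(line.strip())
        if m:
            depth, binary = parse_lnk_target(m.group("target"))
            record = {"lnk": canonical_lnk_name(m.group("name")), "binary": binary, "traversal_depth": depth}
            findings["lolbin_lnks" if binary in LOLBIN_TARGETS else "benign_lnks"].append(record)
            continue
        m = CREATED_RE.match(line.strip())
        if m:
            path = m.group("path")
            if INNO_TMP_RE.search(path):
                findings["inno_setup_artifacts"].append(path)
            if START_MENU_RE.search(path) and path.lower().endswith(".lnk"):
                findings["start_menu_drops"].append(ntpath.basename(path))
    return findings


def correlate(findings):
    """Start Menu shortcuts dropped by the installer whose stored target is a LOLBin."""
    suspicious = {r["lnk"] for r in findings["lolbin_lnks"]}
    return sorted(n for n in findings["start_menu_drops"] if n in suspicious)


if __name__ == "__main__":
    f = triage(SAMPLE_REPORT_LINES)
    for r in f["lolbin_lnks"]:
        print(f"LOLBin shortcut: {r['lnk']} -> {r['binary']} (walks up {r['traversal_depth']} levels)")
    print("Inno Setup artifacts:", f["inno_setup_artifacts"])
    print("Start Menu shortcuts with LOLBin target:", correlate(f))
```

The traversal depth is the useful discriminator here: a shortcut that resolves to a system binary through seven levels of `..\` from the Start Menu folder is not how a game launcher installs itself, and the report's own signature ("Windows shortcut file (LNK) contains suspicious command line arguments") fires on exactly that pattern. Feed the whole behaviour section through `triage` to see how many of the seventeen dropped shortcuts share the rundll32.exe target.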
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp TID: 4524 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117406159.0000000000700000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp Process information queried: ProcessInformation