Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Adware.005af3651.12124.22502.exe

Overview

General Information

Sample name:SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Analysis ID:1427002
MD5:4c7fc3ea97b821d36545c3957b2d0da2
SHA1:fe1d2a4867e4ac58d7f06857c6d506b16879ee40
SHA256:6de058a8f8cba3bcec77779e831796f64a46ebccecc4f01d22179e78b6f7ef2f
Tags:exe
Infos:

Detection

Score:13
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Windows shortcut file (LNK) contains suspicious command line arguments
Drops PE files
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries keyboard layouts
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Local\Links\InstalledLinks.txtJump to behavior
Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknownDNS query: name: ipinfo.io
Source: unknownDNS query: name: ipinfo.io
Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: ipinfo.io
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: ipinfo.io
Source: unknownDNS traffic detected: queries for: ipinfo.io
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000221A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000000.1988553315.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.drString found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000000.1988553315.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.drString found in binary or memory: http://www.remobjects.com/ps
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117781167.000000000063A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AEC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/country
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117781167.000000000063A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/countryry
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003B08000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stvkr.com/click-
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003B08000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://terra.im/gl/?cid=$
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.0000000002374000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.00000000023AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://terra.im/gl/?cid=&oid=$
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000236B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=$
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Atomic Heart.lnk.1.dr, Atomic Heart.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000233E000.00000004.00001000.00020000.00000000.sdmp, Battle Teams.lnk0.1.dr, Battle Teams.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.00000000022E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=testt
Source: Blood and Soul.lnk0.1.dr, Blood and Soul.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash=
Source: War Thunder.lnk.1.dr, War Thunder.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, World of Tanks.lnk0.1.dr, World of Tanks.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash=
Source: Warface.lnk.1.dr, Warface.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, World of Warships.lnk.1.dr, World of Warships.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash=
Source: Aliexpress.lnk0.1.dr, Aliexpress.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, ArcheAge.lnk.1.dr, ArcheAge.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash=
Source: Crossout.lnk.1.dr, Crossout.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash=
Source: Enlisted.lnk0.1.dr, Enlisted.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Perfect World.lnk0.1.dr, Perfect World.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash=
Source: Rail Nation.lnk.1.dr, Rail Nation.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash=
Source: Lost Ark.lnk0.1.dr, Lost Ark.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash=
Source: Caliber.lnk0.1.dr, Caliber.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash=
Source: ???????? ??????? ???????.lnk0.1.dr, ???????? ??????? ???????.lnk.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash=
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000002.2118833941.00000000032CE000.00000004.00000020.00020000.00000000.sdmp, ???????? ?????? Steam.lnk.1.dr, ???????? ?????? Steam.lnk0.1.drString found in binary or memory: https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash=
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

barindex
Windows shortcut file (LNK) contains suspicious command line arguments
Source: World of Tanks.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash="
Source: World of Tanks.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash="
Source: World of Warships.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash="
Source: World of Warships.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash="
Source: Perfect World.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash="
Source: Perfect World.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash="
Source: ArcheAge.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash="
Source: ArcheAge.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash="
Source: Atomic Heart.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash="
Source: Atomic Heart.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash="
Source: Battle Teams.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash="
Source: Battle Teams.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash="
Source: Aliexpress.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash="
Source: Aliexpress.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash="
Source: Blood and Soul.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash="
Source: Blood and Soul.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash="
Source: Caliber.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash="
Source: Caliber.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash="
Source: Crossout.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash="
Source: Crossout.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash="
Source: Enlisted.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash="
Source: Enlisted.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash="
Source: Lost Ark.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash="
Source: Lost Ark.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash="
Source: ???????? ??????? ???????.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash="
Source: ???????? ??????? ???????.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash="
Source: Rail Nation.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash="
Source: Rail Nation.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash="
Source: ???????? ?????? Steam.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash="
Source: ???????? ?????? Steam.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash="
Source: War Thunder.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash="
Source: War Thunder.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash="
Source: Warface.lnk.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash="
Source: Warface.lnk0.1.drLNK file: url,OpenURL "https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash="
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.0000000002503000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FE3F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.005af3651.12124.22502.exe
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: clean13.winEXE@3/77@1/1
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeFile created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmpJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeProcess created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp "C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp" /SL5="$1044A,1938865,172032,C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeProcess created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp "C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp" /SL5="$1044A,1938865,172032,C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: winhttpcom.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: World of Tanks.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: World of Tanks.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: World of Warships.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: World of Warships.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Perfect World.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Perfect World.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: ArcheAge.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: ArcheAge.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Atomic Heart.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Atomic Heart.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Battle Teams.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Battle Teams.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Aliexpress.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Aliexpress.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Blood and Soul.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Blood and Soul.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Caliber.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Caliber.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Crossout.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Crossout.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Enlisted.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Enlisted.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Lost Ark.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Lost Ark.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: ???????? ??????? ???????.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: ???????? ??????? ???????.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Rail Nation.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Rail Nation.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: ???????? ?????? Steam.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: ???????? ?????? Steam.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: War Thunder.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: War Thunder.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: Warface.lnk.1.drLNK file: ..\..\..\Windows\system32\rundll32.exe
Source: Warface.lnk0.1.drLNK file: ..\..\..\..\..\..\..\Windows\system32\rundll32.exe
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallJump to behavior
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeStatic file information: File size 2362910 > 1048576
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeFile created: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Local\Links\InstalledLinks.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Aliexpress.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Blood and Soul.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Caliber.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Enlisted.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Lost Ark.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ??????? ???????.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Rail Nation.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ?????? Steam.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Perfect World.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ArcheAge.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Atomic Heart.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Battle Teams.lnkJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp TID: 4524Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
Source: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117406159.0000000000700000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmpProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
Windows Service		1
Windows Service		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Process Injection		1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		1
DLL Side-Loading		NTDS2
System Owner/User Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Network Configuration Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials11
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.Adware.005af3651.12124.22502.exe3%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp8%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.dk-soft.org/0%URL Reputationsafe
http://www.remobjects.com/ps0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ipinfo.io
34.117.186.192
truefalse
    		high

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://ipinfo.io/countryfalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://www.innosetup.com/SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000000.1988553315.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.drfalse
        		unknown
        https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000233E000.00000004.00001000.00020000.00000000.sdmp, Battle Teams.lnk0.1.dr, Battle Teams.lnk.1.drtrue
          		unknown
          https://stvkr.com/click-SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003B08000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmpfalse
            		unknown
            https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash=War Thunder.lnk.1.dr, War Thunder.lnk0.1.drtrue
              		unknown
              https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash=Crossout.lnk.1.dr, Crossout.lnk0.1.drtrue
                		unknown
                https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash=Caliber.lnk0.1.dr, Caliber.lnk.1.drtrue
                  		unknown
                  https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash=Aliexpress.lnk0.1.dr, Aliexpress.lnk.1.drtrue
                    		unknown
                    https://terra.im/gl/?cid=$SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000222D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003B08000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003AB2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116510949.0000000003A8C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmpfalse
                      		unknown
                      http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUSecuriteInfo.com.Adware.005af3651.12124.22502.exefalse
                        		high
                        https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash=Enlisted.lnk0.1.dr, Enlisted.lnk.1.drtrue
                          		unknown
                          https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash=Rail Nation.lnk.1.dr, Rail Nation.lnk0.1.drtrue
                            		unknown
                            https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash=Warface.lnk.1.dr, Warface.lnk0.1.drtrue
                              		unknown
                              https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, World of Tanks.lnk0.1.dr, World of Tanks.lnk.1.drtrue
                                		unknown
                                https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, World of Warships.lnk.1.dr, World of Warships.lnk0.1.drtrue
                                  		unknown
                                  https://ipinfo.io/countryrySecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2117781167.000000000063A000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Perfect World.lnk0.1.dr, Perfect World.lnk.1.drtrue
                                      		unknown
                                      https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000002.2118833941.00000000032CE000.00000004.00000020.00020000.00000000.sdmp, ???????? ?????? Steam.lnk.1.dr, ???????? ?????? Steam.lnk0.1.drtrue
                                        		unknown
                                        http://www.dk-soft.org/SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1986661885.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.2119159015.000000000221A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.1989715448.00000000031D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000234C000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, ArcheAge.lnk.1.dr, ArcheAge.lnk0.1.drtrue
                                          		unknown
                                          https://terra.im/gl/?cid=&oid=$SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.0000000002374000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.00000000023AB000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash=Lost Ark.lnk0.1.dr, Lost Ark.lnk.1.drtrue
                                              		unknown
                                              https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash=???????? ??????? ???????.lnk0.1.dr, ???????? ??????? ???????.lnk.1.drtrue
                                                		unknown
                                                https://yagoaway.ru/gl/?cid=&oid=$SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.000000000236B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash=SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116021399.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Atomic Heart.lnk.1.dr, Atomic Heart.lnk0.1.drtrue
                                                    		unknown
                                                    http://www.remobjects.com/psSecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987168138.00000000023E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.exe, 00000000.00000003.1987558495.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000000.1988553315.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.005af3651.12124.22502.tmp.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash=Blood and Soul.lnk0.1.dr, Blood and Soul.lnk.1.drtrue
                                                      		unknown
                                                      https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=testtSecuriteInfo.com.Adware.005af3651.12124.22502.tmp, 00000001.00000003.2116715289.00000000022E6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		unknown

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        34.117.186.192
                                                        		ipinfo.ioUnited States
                                                        		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse

                                                        General Information

                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                        Analysis ID:1427002
                                                        Start date and time:2024-04-16 21:35:11 +02:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 4m 52s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:7
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:SecuriteInfo.com.Adware.005af3651.12124.22502.exe
                                                        Detection:CLEAN
                                                        Classification:clean13.winEXE@3/77@1/1
                                                        EGA Information:Failed
                                                        HCA Information:
                                                        • Successful, ratio: 100%
                                                        • Number of executed functions: 0
                                                        • Number of non-executed functions: 0
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • VT rate limit hit for: SecuriteInfo.com.Adware.005af3651.12124.22502.exe

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        21:36:08API Interceptor2x Sleep call for process: SecuriteInfo.com.Adware.005af3651.12124.22502.tmp modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        34.117.186.192SecuriteInfo.com.Win32.Evo-gen.24318.16217.exeGet hashmaliciousUnknownBrowse
                                                        • ipinfo.io/json
                                                        SecuriteInfo.com.Win32.Evo-gen.28489.31883.exeGet hashmaliciousUnknownBrowse
                                                        • ipinfo.io/json
                                                        Raptor.HardwareService.Setup 1.msiGet hashmaliciousUnknownBrowse
                                                        • ipinfo.io/ip
                                                        Conferma_Pdf_Editor.exeGet hashmaliciousPlanet StealerBrowse
                                                        • ipinfo.io/
                                                        Conferma_Pdf_Editor.exeGet hashmaliciousPlanet StealerBrowse
                                                        • ipinfo.io/
                                                        w.shGet hashmaliciousXmrigBrowse
                                                        • /ip
                                                        Raptor.HardwareService.Setup_2.3.6.0.msiGet hashmaliciousUnknownBrowse
                                                        • ipinfo.io/ip
                                                        Raptor.HardwareService.Setup_2.3.6.0.msiGet hashmaliciousUnknownBrowse
                                                        • ipinfo.io/ip
                                                        uUsgzQ3DoW.exeGet hashmaliciousRedLineBrowse
                                                        • ipinfo.io/ip
                                                        8BZBgbeCcz.exeGet hashmaliciousRedLineBrowse
                                                        • ipinfo.io/ip

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        ipinfo.io7AdIyN5s2K.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                        • 34.117.186.192
                                                        YUoiqJo8Sk.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        JR58WqLhRl.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        TANQUIVUIA.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        https://cloudflare-ipfs.com/ipfs/QmSFdBWsgwFRtCzNJSbX1pf4C4Wg5j9DAoah1hHZDA7Qzz/#david.embretsen@skolverket.se&id=71de&rcpt=david.embretsen@skolverket.se&tss=1713181249&msgid=f1e0bd0e-fb1c-11ee-adc9-0050569b30f3&html=1&h=5b858140Get hashmaliciousHTMLPhisherBrowse
                                                        • 34.117.186.192
                                                        SecuriteInfo.com.Trojan.Siggen28.25504.27914.23637.exeGet hashmaliciousGlupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                        • 34.117.186.192

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        GOOGLE-AS-APGoogleAsiaPacificPteLtdSG7AdIyN5s2K.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                        • 34.117.186.192
                                                        YUoiqJo8Sk.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        JR58WqLhRl.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        TANQUIVUIA.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        806aab44-6c03-4577-a3c4-83aa13dc7875.tmpGet hashmaliciousUnknownBrowse
                                                        • 34.117.223.223
                                                        https://jdwgzjhn0u5.larksuite.com/wiki/AngWwsz43i90s7kAgQSu97jcskh?from=from_copylinklGet hashmaliciousHTMLPhisherBrowse
                                                        • 34.117.97.41

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        a0e9f5d64349fb13191bc781f81f42e120240416-703661.cmdGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLineBrowse
                                                        • 34.117.186.192
                                                        hta.htaGet hashmaliciousUnknownBrowse
                                                        • 34.117.186.192
                                                        2.htaGet hashmaliciousUnknownBrowse
                                                        • 34.117.186.192
                                                        3.htaGet hashmaliciousUnknownBrowse
                                                        • 34.117.186.192
                                                        7AdIyN5s2K.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        TransactionSummary_206010200006576_310324101244.xlsxGet hashmaliciousUnknownBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                        • 34.117.186.192
                                                        YUoiqJo8Sk.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 34.117.186.192
                                                        z69ClienteNFe-Faturada-15042024.msiGet hashmaliciousMicroClipBrowse
                                                        • 34.117.186.192

                                                        Dropped Files

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmpEmcon.Zvit.2.0.exeGet hashmaliciousUnknownBrowse
                                                          SecuriteInfo.com.FileRepPup.2542.22578.exeGet hashmaliciousUnknownBrowse
                                                            SecuriteInfo.com.FileRepPup.2542.22578.exeGet hashmaliciousUnknownBrowse
                                                              Emcon.Zvit.2.0.exeGet hashmaliciousUnknownBrowse
                                                                SecuriteInfo.com.Program.Unwanted.5412.26753.681.exeGet hashmaliciousPureLog StealerBrowse
                                                                  SecuriteInfo.com.Program.Unwanted.5412.26753.681.exeGet hashmaliciousHawkEye, PureLog StealerBrowse
                                                                    my0qkzrWqy.rtfGet hashmaliciousUnknownBrowse
                                                                      sUe62S79Mb.rtfGet hashmaliciousUnknownBrowse
                                                                        MDE_File_Sample_fbc11f506d4b8a1c3077fd43f6560883e512cf72.zipGet hashmaliciousUnknownBrowse
                                                                          https://www2.technoteam.de/rigo801/software/freetools/Converter801/Setup-Converter801_v.1.8.0.exeGet hashmaliciousUnknownBrowse

                                                                            Created / dropped Files

                                                                            C:\Users\user\AppData\Local\Links\Aliexpress.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):127495
                                                                            Entropy (8bit):6.196066933594974
                                                                            Encrypted:false
                                                                            SSDEEP:768:LdKpp5jextXicch+Su0GGKlrspyLS0xAIvf6QMZPhxmsJLAkz182xmsVspLmOaam:vkH+BpdspJ0xnfcCvO5utY
                                                                            MD5:9757C1521025641E9E4315E6212106F5
                                                                            SHA1:A79A3363C6B382DBF71C6663852E125EA7CB56B8
                                                                            SHA-256:84421E8D61D3927B1C61BA8299BE1A7D698FF92E00944645DB04977EEBDAF6AD
                                                                            SHA-512:57B4459077BE18CE011133705063CEED31DF8D53F8146204F8E73CEFF811C4F24AF9DC65D475C825B65BB21192D5B3FE76835EAB2B972B8221FBF286967C305B
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:............ ..l..f......... .(....l..@@.... .(B..'u..00.... ..%..O... .... ............... .h........PNG........IHDR.............\r.f..l`IDATx..}w.....gf..( $...AB.(2&...c.mp....s:..|...g....3.9..d..,..I......6.t.......=.....-}.v..........f.hC...6...mhC...6...mhC...6...mhC...6...mhC.......H......XL68.."C..S.="...,.;.~..0.?.H.'....GY.}].......2...g.h.x.`.(..........(96...[.@..L.....(....V..N.\....`.#........B.-..........1..........T.....-...G......%'.... ..Gk..}...>..3.7.2....w....6.`...8p}.n(.T..N.8.6{4....w..6.x|5..g(..WX...X...7...?....X.Mt[....{..1.Cpm..*.{8.o....e..P]t.0.X;...h.;.&t......aro..a......C..."r4ZS......I.G.h..F.....I_T....}D...a.k...:...}C#.sd.......c...w..S...F..V.6F;..~.{L.M_.~.;.z.....C|......f..}KacoG../..7e`........)z.......].....X....bcy9....;.u.+........}f..j=;.o.bn.o.;].Tj...a.7..Z.o.....c."....k.c.Eb......N.?.q.L?ZLB.....d~......h..l.;.....v..G..p5..j7..f.".....*.6..g...z|$..6........^...).....;.6...s9...Y.[.

                                                                            C:\Users\user\AppData\Local\Links\Arche_Age.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 41776 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):139366
                                                                            Entropy (8bit):7.769766610849165
                                                                            Encrypted:false
                                                                            SSDEEP:3072:L8Nr2pMnt5d73e3JUsk7KHvwM9yycKDZqP5HxLgo1:L8Nr2Itj7mJ8u4zyxwzb1
                                                                            MD5:37553947ABF9E76B4E9D60DB6EC7CA4F
                                                                            SHA1:8E823D2F960FFEF28B8D99FC95D7BB215DC6B96F
                                                                            SHA-256:765AF45B34EF72FBA2639CC3A397A8D14C0C1A5EFF88B299E78EF0B507F4D9D6
                                                                            SHA-512:C1756EC19AB0D028346B90C87C63E0A87977C7751A9E584B3429B7EE01B283417431F4E1437D7AE007DBBE2BA14CB271BDF42FD954FE3A340B14104EC43E8499
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:............ .0...V...@@.... .(B......00.... ..%...... .... .....V......... .h........PNG........IHDR.............\r.f....IDATx..}..\.......Kv..d.q!I...]...w)P..).B....kp......B.....f.......f7I..k..fO>...y...|...O@..K.l."l...~.'.../...K?..K.l....../...@...6,.../...K?..K.l....../...@...6,.../...K?..K.l....../...@...6,.../...K?..K.l....../...@...6,.../...K?..K.l....../.....Pj&.a.........4...vV.e.K.Ha.}....>...G....][...+.dh!.[.?^xd.D....0.....7/....K?...d.v.X........f.^.39.....dcv4.p.....w>]=.2..A5......'...O.'.c.hc...U@.....3.xF+.K.Ywl....t.{.W7.uW.U....}.?.....H.9..k.'q.hY..T.f...a.d..dQ..Z..e.B (Uv...:..M...|.}.?..y.h..w.l..{x.h.o....Cv)Z..Kp........$....gM......>s...}.?.....H.=y...J.._.K0..Z....[..8...."D.8........~a.mI....~w....<2L..S........b.G..i.. j...a..!.-..87o.gc..T.T._..a.L.q..fL;k..>..\...\.;c8:.t.td>4..?.z.|.K.....T;kBv@.o.....#..b=..k..S......gz.8*.s^z<.d.HM3...Wm....%.<..1*..&.U.Y...C.iF...2.Q.....H6X..y.....np.RzJ...d

                                                                            C:\Users\user\AppData\Local\Links\Atomic_Heart.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 11 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):167967
                                                                            Entropy (8bit):7.758469781882347
                                                                            Encrypted:false
                                                                            SSDEEP:3072:wYvKeEskYu4XyGdfJyzDOWxk4QuPTymeurdTdDK+DYbUvvDrGBezsCSrLsNZ850y:lKeEskYu2xSOWxkRubOur2yHVNZBgt
                                                                            MD5:17465E5AC8EF4EF7D8942E1EAED88B60
                                                                            SHA1:180B401E0C1E95C24960108649334D774A540673
                                                                            SHA-256:456ABBCC4FCF75EC4AD6C43D4E3A007B4AB57717474DF8FB378CD0BA347E4386
                                                                            SHA-512:108F492F42AC638E645A0171DBFB1236DC3CD5822BFB9612D4D523141DA5C9E7B33345F22EB03C83C5DDD8A05881689D5B096477684A7A42C4D67286DC02ECAF
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:...... ......................h...^...``.......p...... ..........n...........H...............(...^...........h............. ..q.....@@.... .(B......00.... ..%...P..((.... .h....u..(... ...@......................................................................."...#...+... .....#..."...*.......1.#.&.*.%.2./.$.:.(.;.4.0.$##.)%&.-**.3$-.0--."&3.3 5.:%3.0/4.?*4.3#:.=+;.-3=.633.955.769.<:;.C/:.B3=.I4?.@=>...H.%.G.*.F.2.F.&.U.).X..+I..3U.$%@.7%E.,2A.17@.+ X.;'Y.$9Y.89S.).e.2.k.+.v.-#n.:'f.:7j.<)t.<>p.G8G.E4V.P=V.@.j.E9k.H7s.,B[.?BU.-Cc.)Gl.0Dg.4Qm.?Pl.)Jr.5Qs.9Tt.2U}.?Xz.ECC.IFF.BCI.NBI.GHN.NKK.SBL.PMN.BDS.NFT.AIU.CEZ.KDY.YFQ.UKQ.YKR.RD^.WO\.\L\.URR.[WW.VV].^R[.\Z[.cR\.b[^.@Oa.LOj.WFd.MPm.UUh.QAw.CYv.GRz.TXu.fXg.q_i.gYu.]i}.dbb.hde.ndj.mkk.qbj.pln.hjw.uht.urs.xuu.wq~.}t{.}yz..u{..|~.-...1...0...:$..3 ..9 ..O;../Y..:Y..9e..NH..gZ..`S..Ac..\e..Tp..Vj..Hp..Er..Hu..^~..hk..tg..jv..{v..tz...w..sz..cw..mq..j|..b|..i...pt..Dw..N...hy...y......w...z.......X...P...W...X...[...d...v...n...{...d.....

                                                                            C:\Users\user\AppData\Local\Links\Battle_Teams.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 7 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):21366
                                                                            Entropy (8bit):7.923035970136854
                                                                            Encrypted:false
                                                                            SSDEEP:384:Ig46j7z/57zhTIh9EBjOP8c6KR6k351bxR8biituFdUo/csBDJwjDc846+p:Ig9/zplTIh9EBSP8c6KYg5ffitOpc6Jn
                                                                            MD5:5F7C3B5821E9758E783E0E0912D5E060
                                                                            SHA1:FACAADFBF7E62907A97406A1BB57CCE8D43EEF78
                                                                            SHA-256:805B4C1CAB106CAF2F33D15FB7C8849436DD2535457E8225938982EDB667D5F3
                                                                            SHA-512:CAD9321E7F7D1B29309F5FA4AC3B62C8D3596E30F71BE88E6DCDDB03646FC4FF91A9F84DAA70AACBDBD0058D1F8F0BCB63A12643E76639DEBFEC69DF28EE6B56
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:............ .....v......... .+...*... .... .8...U...00.... .........@@.... .....e......... ......$........ .....s?...PNG........IHDR................a...{IDATx.}SMH.Q.=.}o|.Z.VH..3h.B...q.D...Z...r...P..!.Z..*....U....r A.r.ZHY.:.7~...i..F....9...X.$......,._l..../! )........zz.....C..gG.....ys.&...Z0.ZZ<..I9H.&.K$.|..H..8t.9wjk..).o<.......[..*..........rOvph(s.^.h.r...J.P........2....imLi4.ELkd.;......PT...`..@xF..vUCi.,...].".=.Y.X..C..O..U.. ..7Dy.......z[:...%.K%...............?m.'....._..........li.Tg<.....dL.R:.>....;.6...}.e....W..s..v...#..T..=....eK..... ........:.53...6.3f.Pv......&......8.J$.h.5...@...`jj2fL0i..1.....#..Iv....]...X.B/...b..c_...hey...D..z.}.n..~[....Xk...Y..-...I>._t..H..5...@.." .dr...l<...._.T,Z^.#./..S.../.y..`E..t....`N.~......IEND.B`..PNG........IHDR..............w=.....IDATx..UKh.U.....g&.8I.J.R..S."E.b..m.>@.1.-.V.....\8....H."}..>.E......"..}XKE..HIg....|.:.c. DzV.{.....{..-6Y.!.... ......$........-.R.n..6..I.O.

                                                                            C:\Users\user\AppData\Local\Links\Blood_and_Soul.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 56059 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):221289
                                                                            Entropy (8bit):7.4944997152221
                                                                            Encrypted:false
                                                                            SSDEEP:3072:rv6WXQ34qq7Sy/l09G8tnqMgVEFXuFZozPlbaRS8XD34FfFFAftq1tUYt:rxXQ3y/CDtRFyYaR9XL4VFFA+vt
                                                                            MD5:788C5DE1CA3F7DEBBB1823FF783A1E43
                                                                            SHA1:87EAA23CAC63259CE99EEF44BC3CFF7695174777
                                                                            SHA-256:118E9D651DB0723494B66C74C907111FA6B5BB648EBFF26CB1BC2CC26E9E4819
                                                                            SHA-512:746E6464EA1D08F427A6FF3B281F871AC30167C1B80AB80EBA08F8F323BA6D70D6C1AFE1D6BAF21F919DFBAFF042BDF6A467E00D6F079BFDBCFF628FA1A9BFBC
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:............ .....f......... .(...a...@@.... .(B......00.... ..%...%.. .... .....YK........ .h....\...PNG........IHDR.............\r.f....IDATx...eIv......|..1ed..YY..*.P.Y @...D4[.u....e2.....I....'=.L&.d&...H6H6. ....j@eU...1..{ow_zp...{#.@.E.p.=go..k...%..............LAD.! X.s.cP.........zD......1...h....~V.{..|..k...u...+..y..w....K"..\......@..@.....^..1.u.F*T".`"`".@..vO.{.FD.#......#...w^....X/_....._~@..x..=.. .tK""...B.......}l.@.....{........7..pv...7......q..c.T,...V.o.cD5@.7K....h ...._...T.,..EU..B..=h........1...n.l.K4.....?O..A.../..E.\./mSS/...1.......&=y.........,NX,..........QP.c\.1..XkA..c..^z..............1 b...EE....]?L...C......J...M........k.....{.^.."....._.k<v>g..,... .`.K......&..&-...H6..F...q.R.#P.s..f.)......_.k.}$W.H......K..?...v..K.......%.zN5.`]..".t...1D".....`.C../.....FI.A........_........'.-.....#.X..#.....c,.Hzt...s&....Ac$....b.m....,..W.F.F.(1(.,.F.L5F\..G.....@......u....p.<QC~l.#....6Y.%....v..X.

                                                                            C:\Users\user\AppData\Local\Links\Calibr.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):155079
                                                                            Entropy (8bit):7.640516418052588
                                                                            Encrypted:false
                                                                            SSDEEP:3072:0bhy4jGKveJsn1rQOstIrDbarja1fiDQh0zEywtQhY4HHlWWTOUHByaz:0TZveCdQOIIfbiWiYQ7nIWTOUhyaz
                                                                            MD5:1900CB7BD981CDD90FF47D2B05D3A8EC
                                                                            SHA1:6DC566803D9BDE0BE964D9049D8A28EDA54D8749
                                                                            SHA-256:9EABB164337AE33FD873F891EB064FE24A0A8C706FABA32D1AB45E2607D5BF00
                                                                            SHA-512:CF80A2F356959A0DEEB1E65884EE03CD485199E0A0293CE18D07B911070EB86FA9BF6E8356F5174C3C270659C6D189E8548268883CBEB902774115F1DBAD49E3
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:...... ......................(.......00.............. ......................h...6......... ......!..@@.... .(B..?...00.... ..%..g...((.... .h....... .... .....w8........ ......I........ ......R........ .h..._Y..(... ...@......................................................................................................wwp...........pqq%...........swwwsSC........twwwww..........w..wwwv..Sp....w..t.ww.www.....x....ww..Awwp...x...wp....wwp..w.w..wvwv...ww..w...wC..Cw0.w...w.p.p.$..@w.w.p.w......%..www.pwwxpw.P`C..pww..wwwsp...pCCC.x..wwwtpBP`.....x..ww6w0a@4..a..G..w.PwP%$4.@%.p...w.0w44%.BPp.p...wxrGp....`d.p.....pCp....%..pH.x.xs@w..4$..wp..p....'p.ppp.x ..p.x.p..p@..qx.....x.swqg.Gq..x..........xwpx...x...x...ww.`....p.........$.............w7.x..........................x................x.........................................?...................................................................................................?............(....... .................................

                                                                            C:\Users\user\AppData\Local\Links\Crossout.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):105166
                                                                            Entropy (8bit):7.7139071879226995
                                                                            Encrypted:false
                                                                            SSDEEP:3072:PKCynz7MEh8NItezQf/NNAzNOSfaCY7iqhNzH71R5SVMIhk7gNui:PKCGzYBnUHNS3CDWQdH7g/5Yi
                                                                            MD5:1716EA325B5A0426A9D0D3B8F46E9EBB
                                                                            SHA1:7BE6A62DB7E76971F95899E1A61BBD1B30390DE5
                                                                            SHA-256:0A56962379CFAB01A4492D4CCBB45D7257E493A2F778D0F1A00A050789546A6F
                                                                            SHA-512:26F4AA571469A5BD0FDDD122AF43D05FADDEB65537B93CE68397B2A0EDC87D7D18AC9E0A9AC1372113777C3173DA5CFD65032E16306F88432D3FADDAA4C7E761
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:............ .h...V......... ............... ..9..F... .... ......G..@@.... .(B...X..(....... ..... .........................+...+...+...+...+...+...+...+...+...+...+...+...+...+...+...+...+....Zp.....%...+....g...Yo..%-..")..Qe..h..+...#........").+...+....M`..9G...".&....'0..................)2."....m.......$,.+...+...&....8E..&/...&.#....HY..n...Yo..9F..|.......ay..$,.'...+...+...(...&....#+......").&...+...+...!............BR.'...+...+...+....]s..."......")......$,.(...#............#+......Xn..t..+...+....IZ......9G.%....."...&..............#+.'....=K......Ob.+...+....,6......Vk.+...%................#+.'...+....c{......9F.+...+............K].+...$............#*.%...'...+....\s......!(.+...+....Yo......AQ.#............#*.$....0:...%.&....Ti......Pd.+...+....`w......u...........").'...)....4@.......$."....!(..d|.+...+...*...!............").&...+...+...&....5A.......#.$...)...+...+...$....0;......").#....FV..;I..IZ..7D..u...6C.......".&...+...+....r...2=..!(.'....M_...................

                                                                            C:\Users\user\AppData\Local\Links\Enlisted.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):119089
                                                                            Entropy (8bit):7.89966085473611
                                                                            Encrypted:false
                                                                            SSDEEP:3072:7e99XxN3lq1D3g8No7h9+VSoYD6ySVYCzs/caE:q9xtqq8N0yVJa6ziCAcaE
                                                                            MD5:48E2A9CD8F081337351CD1EFDA38F100
                                                                            SHA1:F1017962F97AC1C533A988DD924C8275A7796BE7
                                                                            SHA-256:BD231A69F035E73BF91559AB3BB689D1459D15B5AFE186A9E26AC8249C9BD788
                                                                            SHA-512:65E5C193026F5947DC72A01C0BFE7EF4055DC433243B054D323287A8990F457F9B87B893EA7DFACF585170C2A51632E053F36CC5DD870FDD1E69168650399BF7
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:............ .h...V......... ......... .... .....F...00.... ..%............ ......D..(....... ..... ............................]..................'...-...0...0...-...(... ................]............."?...1...7...G...L...G...C...7...2.!$@.................#%7...(..3e.dhy.%*P...X...l...i...S.#)N.fj{.27g...+.'(:...!.;>V.|}..03P...`.ox..dp..?O....}...|.;L~.dp..ox....`./2O.{|..ABZ...5.QU{.uy..$+e.Rb..5J..Li..[...Z...Mj..3H..Sc..#)d.vz..VY....=...$...C..6..jx..h...R{...-..3c..4d...,..Kt..i...hv..18....J...,...)...@...f.DU......~....C...?...=...@..{.......IY....l...I...0...+...C...Y.&6}.~...N....D...F...D...B..N...~...*:....c...O...8...)...8.@Jj.r...0L.......9...C...F...>...4..2N..u...IQo...C...7...5.`d{.........n...w...i....H...J..f...t...m...........hk....>...4.)0d.*3{.+8..CS..........3`../]..........GX..3>..2:..38o...=.......'...=.)0f.NX..(9..Rm..d...^...To..+<..QZ..06m...G...3...$.......-.15Z.$+i...l...}.&4..........(7....~...s.*/p.69`...4..........!7...2...3...G...W...m...........h...

                                                                            C:\Users\user\AppData\Local\Links\InstalledLinks.txt

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):272
                                                                            Entropy (8bit):4.386150586492839
                                                                            Encrypted:false
                                                                            SSDEEP:6:BCAIQYFM3yAvDZl6QktMBMyJTEk+K8j5mjURXJRIAA5h+n:BCAIQNl8KMyJajojUx/96+n
                                                                            MD5:2170341B426101FDF40C1EE71D535109
                                                                            SHA1:7FDF86DFB7B4CA8A8D55437DAC43C09B86D9ED5E
                                                                            SHA-256:4BE1E43BACFFED54A4DB48EA9D0B27D8038B01E25273A913D35436203744FCB7
                                                                            SHA-512:30CE98A905436C7B73BE08D6F538D88F039E0BBFD66C269E932EC960A0C3B361A45BF962B905D9551D39D579E1F449E60EA4E21268801CA3763D91D2532A4729
                                                                            Malicious:false
                                                                            Preview:.aliexpress..blood_and_soul..calibr..crossout..enlisted..lost_ark..offline_items..rail_nation..steamkeys..steamkeys2..war_thunder..warface..world_of_tanks..world_of_tanks_ru..world_of_warships..world_of_warships_ru..perfect_world..arche_age..atomic_heart..battle_teams..

                                                                            C:\Users\user\AppData\Local\Links\Lost_Ark.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):123419
                                                                            Entropy (8bit):7.902599099392098
                                                                            Encrypted:false
                                                                            SSDEEP:3072:LTz2icC/yuC/YaMoizlFfm2DLBdwshcKvfIr9gYM9wqVOGKh:LpvW/Yagzvfm2fBdwsLISpsH
                                                                            MD5:A552E47FAD3FD60DCDA984EACF1A1055
                                                                            SHA1:A9607441FD6AE3B84BBDF825EC16EBEB1F651240
                                                                            SHA-256:A2FE698234DEBF8205FC7A90410EE4B074A07C49AE8B3C70C7F124A006EB70BA
                                                                            SHA-512:6769744790DA1C53FDD922B05D43C0F9A772A4B45123ADD61DBC27FD8227627E0840E0F2EE10EB211C13159CDC1D292C5C89F99D2C04184966CB873F6CDF2F48
                                                                            Malicious:false
                                                                            Preview:...... ..........f...........h.......@@......(2..v...00...........@.. ..........F]........ .-x...i..(... ...@.......................................................................................................................................................................................$...%...,..."...*...!...,....!..# ..!!..)#..6 ...."...&...*...&...)...#...!..."..."... ...)...*...;...1...4...3.!.". . . .%."./. .1.. !..!,.."3..#9..,?.!!!.$"".#%#.""$.%#%.#$%.%%%.)#".))&.! *.$ +.&&(.%%/.(&*.&().+++.5-".1-,./0/.=3".32-.<5,.<:,.#$2.%)4.--2."'<.$+<.0.1..13.+2>.334.876.<:4.569.86:.788.;;;.A9-.A>=.K=9.?@?.CB=.KE>.PE:...N...P..0J.. [. '@."1C.>=B.56L.(4W.,8R.@=A.?@A.,Bi.1Db.$Hr.<Wt.6P~.;V{.BCC.IFE.IIC.EDH.JFL.GII.JJJ.SMM.SQM.KKQ.POS.NRR.OVY.UTT.XSQ.WXU.TUX.Z[[.f[M._\`.P\j.ATq.Nau.bbb.nln..I../\..0Y..1K..%i..0f..7l...e..5o..9r..4y..>~..Ee..Vi..^p..Ae..su..||..Hw..Pt..Mt..;x..?...y..._...\...t...y...i...e...7...>...H...B...t...D...J...I...N...S...R...X...]...f...h...s...s.................

                                                                            C:\Users\user\AppData\Local\Links\Offline_Items.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 9 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):46638
                                                                            Entropy (8bit):5.344893412879459
                                                                            Encrypted:false
                                                                            SSDEEP:384:TaT0nlIOpGqxsluTTAbWSrv5fYSesQFh0h/8OZlWgQNZZKPX91DJBtWAVkR8zGUQ:T3tZmRvyoiEjMrZZ2N1DPt7VjGcqj
                                                                            MD5:253EDDB9F0DAACE75747A736426DDC9C
                                                                            SHA1:FD51C992DFB1DE785FBB100E6CF1EA62E2716A85
                                                                            SHA-256:7E8306576D2F647AAA962F72623B59B041B6E55CE7BEAC206D9F6170EC89AB76
                                                                            SHA-512:C840450A44370AADB5585A13A20F61F7B0EEDBE9BD6B53400AF5D4DC9F6D334E78EF64C9D15E7289E9B4F89BD0F67F4ADF85E01FE26CD99C1013DF6D0682EC14
                                                                            Malicious:false
                                                                            Preview:...... ......................h...>...@@.... .(B......00.... ..%...P..((.... .h...vv.. .... .............. ............... ............... .h......(... ...@....................................Rz..Uu..Wt..Xr..Xu..Wy..W}..Xy..X}..Xn..Zr..Zu..ct..dv..hu..dz..d}.rQ..]P..PM..RO..VP..\Q..lX..tV..~V..yU..hU..nT..aR..hS..o\..i[..k\..rU..rU..sX..v^..._..z_..t]..q]..ha..kh..rb..tc..|c..DN..IN..HN..DO..PO..OV..RP..RW..VZ..YY.._Z..ZZ..T[..S\..QK..RM..SR..SR..TR..UW..YV..V[..W\..ZY..\Z..[^..cZ..e\..a^..]e..Ci..Zf..Xa..\h..Zh..Zl..Cp..Ct..Ls..Cx..D}..~w..gg..cl..ji..qo..kq..fz..fz..`~..ry..sw...W...W...X...X...X...W...W...X...X...Y...W...X...X...^...W...X...X...^...d...d...d...a...d...e...d...d...d...d...s...v...|...v...v...v...v...V...W...Z..._...X..._..._..._...a...k...|...n...v...v...x...v...t...z...z..D...D...k...q...s...D...D...D...E...l...k...l...l...m...{...E...E...F...F...F...F...G...G...L...m...m...n...{...{...|...|...o...n...o...|...}...~...~...]...q...p.......p...x...~.................

                                                                            C:\Users\user\AppData\Local\Links\Perfect_World.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 12 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):128636
                                                                            Entropy (8bit):7.155809040235002
                                                                            Encrypted:false
                                                                            SSDEEP:3072:vL+ADy94lYx5yq+fz9zGQJq7v7CPxSxLiB6tErthJGeVZYS16:j+r94lYiq+b9zVJqD2SxmBFhMeVib
                                                                            MD5:379E686024A856F0DA35F2A6AC563B36
                                                                            SHA1:A2569DA9FC0D43AA7B7E8CEB917B1B93E847E409
                                                                            SHA-256:27D4A20DF717CBD77A1594654AB79F625B25E57C63F8A5592D0F498B3DB41CD2
                                                                            SHA-512:214035188CD4186DF7F826C60003EF5680AED261EF30F98FA233D31D2E56583A2749740BADFDA5B9B4907172D35A1DAE0DC11C79AA5ACCCA6D03E27DB904CBDE
                                                                            Malicious:false
                                                                            Preview:...... ......................(....... ......................h...~......... ..<......@@.... .(B...N..00.... ..%......((.... .h...... .... .....,......... ............... .....\......... .h.......(... ...@.....................................................................................................................................................q...p.........................q......p.............Q.........q..................................wpwwqqwp......q.Ww..qw.w......qw.q....w.p....7.wwwwww.ww.....yww.xwxw.wp.....w.wwww.wpwpw...wx.s..w.7wxp....sw7wsy7www......sw.w7y.w.xpwxp..{....w.x...xxx...w....7...........................wwxy3p...........wwy.0.............s.x...........wy9............w99............w7...s.............{.................x............................................................................................1... .....'..........!... ....s...A......?...?.............................................(....... .................................................

                                                                            C:\Users\user\AppData\Local\Links\Rail_Nation.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):370070
                                                                            Entropy (8bit):6.277664543678692
                                                                            Encrypted:false
                                                                            SSDEEP:6144:ouLUrUJY7PFYKWBON/auOquEZ1ccpxAWcfAYG:fLU7ZYKWBOwqbxA
                                                                            MD5:B6D51380877697D140012DC4B346A5CF
                                                                            SHA1:40F6EFB11D8D8E88771F18C80D06FF4C36DA74B1
                                                                            SHA-256:E9C0FA9DF4BD62EADA275D67E7D79B609D6B9DA0F7921C07A7EB0DDDFB3690F9
                                                                            SHA-512:22EB1E4DCEA0318972EA9EC2D1449BFEE9AB362B30A50718476C306D8B79EE8870D44E300829B224EBA0B1058BE661FB58ED42E80EF9E048E0D5E80F1B5348A8
                                                                            Malicious:false
                                                                            Preview:............ .( ..f......... .(.... ..@@.... .(B...(..00.... ..%...j.. .... ............... .h.......(............. ..........................nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..mV..mV..mV..mV..mV..lU..lU..lU..lU..lU..lW..lX..lW..kV..kV..kV..kV..kV..kV..kV..jU..jU..jU..jU..jU..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..hS..hS..hS..hS..hS..hS..hS..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..hS..hS..hS..hS..hS..hS..hS..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..jU..jU..jU..jU..jU..kV..kV..kV..kV..kV..kV..kV..lW..lW..lW..lW..lW..lW..mX..mV..mV..mV..mV..mV..mV..nW..nW..mV..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..n

                                                                            C:\Users\user\AppData\Local\Links\SteamKeys.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):61779
                                                                            Entropy (8bit):6.4579038685489705
                                                                            Encrypted:false
                                                                            SSDEEP:1536:6YUQfEkYu2FbfQF/TVqsFQrJceeeeeeeeeeJ7ESPwwwwwwwwwwwww:6HQIp4F/TVqsetceeeeeeeeeeJ7Eswwg
                                                                            MD5:87EB9C48165034DED5F5E97B1AADF0F1
                                                                            SHA1:B554E5AED3F74B9606E8BC69B1E779BC65DC7D8C
                                                                            SHA-256:A3541F6C17EA039831A595841D5D5E60B0D32D8DE04CFCB839150E8605AB2DAC
                                                                            SHA-512:B86CC6CE4D6A60237C35983DAC77B9AA413547E27F0AF4F896EA4B1EAF9B26C45725E2C03378FCD721440DE83913F14166A6785666DD6EC00AD3FDF3402DF504
                                                                            Malicious:false
                                                                            Preview:...... ......................h...N......... ..;......@@.... .(B...I..00.... ..%.....((.... .h....... .... ............... ............... .....3......... .h.......(... ...@...................................-...-...0...3"..:&..=)..5$..=,..=-..D,..G0..L2..M4..L5..M8..P5..U:..U:..Z=..X=..Q9..T<..G5..D4..L;..B3%.L=$.J;*._@..\@..\B..UA..[F.._H..eD..iH..oL..tP..rQ..yT..}W..rR...\..jM..bK..gO..lR..xX..{[..pU..vY..~_..y\..~_..TB#.[G#._K#.aL#.aM$.aO..gP#.kS".kT#.oW#.kU,.oX,.tY#.y]#.v_,.`S:.t_5.}`#..d-.|f6.|g<.~lG.{kM.odY.wkW.}nR.ti_.~pV..[...^...b...a...e...h...k...m...p...b...b...c...f...i...m...l...o...s...r...u...x...r...x...y...|...y...|...~.......c ..d#..g#..j#..m#..g+..j,..m,..q+..p#..s#..v#..y#..t+..w+..z+...:..|#..~#..}*..rO..tO..vK..tS..vS..uX..z\..~Y..y`...........=...$...#...$...$...<...V...X...O...T..._...T...V...h...b...b...g...r...w...}...`...e...n...w...v...~...{..V.....................................................................................................

                                                                            C:\Users\user\AppData\Local\Links\SteamKeys2.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):61779
                                                                            Entropy (8bit):6.4579038685489705
                                                                            Encrypted:false
                                                                            SSDEEP:1536:6YUQfEkYu2FbfQF/TVqsFQrJceeeeeeeeeeJ7ESPwwwwwwwwwwwww:6HQIp4F/TVqsetceeeeeeeeeeJ7Eswwg
                                                                            MD5:87EB9C48165034DED5F5E97B1AADF0F1
                                                                            SHA1:B554E5AED3F74B9606E8BC69B1E779BC65DC7D8C
                                                                            SHA-256:A3541F6C17EA039831A595841D5D5E60B0D32D8DE04CFCB839150E8605AB2DAC
                                                                            SHA-512:B86CC6CE4D6A60237C35983DAC77B9AA413547E27F0AF4F896EA4B1EAF9B26C45725E2C03378FCD721440DE83913F14166A6785666DD6EC00AD3FDF3402DF504
                                                                            Malicious:false
                                                                            Preview:...... ......................h...N......... ..;......@@.... .(B...I..00.... ..%.....((.... .h....... .... ............... ............... .....3......... .h.......(... ...@...................................-...-...0...3"..:&..=)..5$..=,..=-..D,..G0..L2..M4..L5..M8..P5..U:..U:..Z=..X=..Q9..T<..G5..D4..L;..B3%.L=$.J;*._@..\@..\B..UA..[F.._H..eD..iH..oL..tP..rQ..yT..}W..rR...\..jM..bK..gO..lR..xX..{[..pU..vY..~_..y\..~_..TB#.[G#._K#.aL#.aM$.aO..gP#.kS".kT#.oW#.kU,.oX,.tY#.y]#.v_,.`S:.t_5.}`#..d-.|f6.|g<.~lG.{kM.odY.wkW.}nR.ti_.~pV..[...^...b...a...e...h...k...m...p...b...b...c...f...i...m...l...o...s...r...u...x...r...x...y...|...y...|...~.......c ..d#..g#..j#..m#..g+..j,..m,..q+..p#..s#..v#..y#..t+..w+..z+...:..|#..~#..}*..rO..tO..vK..tS..vS..uX..z\..~Y..y`...........=...$...#...$...$...<...V...X...O...T..._...T...V...h...b...b...g...r...w...}...`...e...n...w...v...~...{..V.....................................................................................................

                                                                            C:\Users\user\AppData\Local\Links\War_Thunder.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):140822
                                                                            Entropy (8bit):5.211454945859278
                                                                            Encrypted:false
                                                                            SSDEEP:3072:U+wkTvN8//1s6npvjWQC42gyYKKGR1b+J:UETUmQpvhKg9Y1M
                                                                            MD5:BA88D80B361B52CCF74A1040001E38D2
                                                                            SHA1:7564B7A2BA3BFA75E3664B6A3234641D2C25D531
                                                                            SHA-256:49424D629656FB96B170DAE7CAA671ED5D746E8094ADDFCA183CC859EEC62B87
                                                                            SHA-512:3018BB435F5D53509F7BBA6AD0B65D8CE410E987DE0BBC5C8B8FCF35E0DFABD5EB6EE9F429F4CD102E357EEB321E95012F9A6E0D2403755E51F5EA2AC299FC56
                                                                            Malicious:false
                                                                            Preview:............ .....f......... .(.......@@.... .(B..6...00.... ..%..^... .... ............... .h....!...PNG........IHDR.............\r.f....IDATx..u.$.u.....Y.....=..=3..H#.,.l.m..ow.....z.o.ye......z.i.....2..*)..#2......T..dWfdD..q.=|....Aw..w.!.m..u.^...A...X.G...bo......`...Z..*..........>`/@.d...0.2...tU.........l..)...z|..vXe..1.. >.b.D .....@c.....*....G...s..6.[$".Z.s......7...>`.......*..&b.....z.T@r...o..K...-.s...Fa....P(A.;.V..}.......[.7....&Eg.1.?$....R...W.C.!.....W..b......H6...MK.*.z`.H:.^..._.G.U.p..........C..(...{..n ..x..;`...U.p..#.z.<..KHaG.Y..sE.....&w.......:V..`...P.....e.m..?...o...%.D.2.U.Xe.7.b.+.~).3...'|9.Mt..2.A....V.....2...f.V.X..U....e..8.@J.....+_.........&A{..mU...5.......j4. .........)E..:V..M.U.p.A.....d.F.......@.@..Z:+.Q.e.1,...o..+.R..u....*....^..Q*..b.f.-..u...;.....>M(....}g....`.bU..Y...n..."...X4._.z.$..S.iZ.]d.R...^..t.....3......cR.J.7+V....m...N.r_...~).R.Na....7."...dc-]G.0>4.P...0O@J."8.*..Xe.70...KH.

                                                                            C:\Users\user\AppData\Local\Links\Warface.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):177054
                                                                            Entropy (8bit):5.019215074360834
                                                                            Encrypted:false
                                                                            SSDEEP:1536:+70F/i47eRU5ZqOb1z+2HAi5UgSsSNQr5OPRGbjvxodpPD+cS7Du:+YF/i47D5wObF+2HPygmYwWvxGLku
                                                                            MD5:789145C717BA38B5224868D95BAC41B5
                                                                            SHA1:B011C718F7CCFDD3CAC15E50792E2CCA58616767
                                                                            SHA-256:CA92E3FCC37F510ACB4E64F2E277397D0D53A050090590AC8B3C82FD2A3ACB5B
                                                                            SHA-512:76D4677A5191C8B54227EE1B25EAC09A6C57C1D5BA1C0A038C7E9B9F011D56594661C659303C47550F6AC172A3A131782A07B6A8170A642957508B5862C5B947
                                                                            Malicious:false
                                                                            Preview:..............(....... ..............00......h...............h...N... ..............00..........^......... .h....(.. .... .....n,..00.... ..%...=..@@.... .(B...b..``.... .............. .(....9........ ..q...A..(....... .................................................................................................$.4....C.B..... .0Ppp ..p....Pp...sxv..W.h..p.A.....pp$'...p.P..x..v. g..p.p.......p`B...a.p.!.pp..R@.p..`.. ...a..4.....`...................................................................(... ...@...................................................................................................$0BA%.R........`...4.A..p@....B.! RA$.C..$0....aF. ..`..BP...@4..0RA$.A.0.C...BAaB.0C.0p@p.......%.A$'..s.!@.@4xw.@'P..xt0R...@(.u!..`h..@%$.@4x..ph......@.p.....w..g....!`..ax..P...X.. P%!B./.. ......C...!B_.....`x...pBR../..p......R@0.aB_.....`x...%.C@4(.........4.0.4....q..ao...R.RA h...`.......`$0P...p..p....$........a.....`P`BP ...p..p.....A0......@..O..4. BP x.q. a.7...C..!

                                                                            C:\Users\user\AppData\Local\Links\World_Of_Tanks.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 39521 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):290383
                                                                            Entropy (8bit):6.021235719174033
                                                                            Encrypted:false
                                                                            SSDEEP:3072:P/0MZhJMslJ4BADKKduSRLO9MXqqo1kYgKg7iHfXR0fcVrqzm3SytBJmNM:hZhJMyJsL6Q9M6/1FgTu/XRkSGqVP8M
                                                                            MD5:7675ED23B17F38B26F3F7E9115ED0C4B
                                                                            SHA1:0D4817EE03CAA7432FBF503EBD450C948B1E3A67
                                                                            SHA-256:47F208F29240B4E5C7D21C1A006424A20DDD7316BD2C787D0C21B1ACAAA7B572
                                                                            SHA-512:7EED5A791EB2D361A25CE5C10C9926BFD4346E0ABA82035D47C5B1BF43684BA3C685DBCD0AB54D28BC459C8D404991F9B1F2E05923387F72072910C7418D9FDF
                                                                            Malicious:false
                                                                            Preview:............ .a............. .(...'...``.... .....O...HH.... ..T...7..@@.... .(B......<<.... .H:......00.... ..%......((.... .h....... .... ......H........ ......Y........ ...../c........ .h....i...PNG........IHDR.............\r.f....IDATx.....u.>\.s....N...]r...dAQ..1..(....=#.......(.DDV...6.yvr.{.g:Nw..S....w....?>.N._.oU=U.T.A.n..l.l.p..SO=...3........./7........W..?{/.o._.j.o}.?...G.....9....W....b?..m|.wym.....O..w=.>.......OG..l3..wqt{.f..G..N<.xX.%..%...........'.......3......{G....;...+..t..!...sq......w.....z..}>..D.|x.v..k*......#.N....0..!..}...q.....f.*........q..nz.{....^....b.yq9=b.Y.f.Q.......J.e6..\nc:.....j.....m..L&/....d2k6..h4.R.{!....(.L:3::n......q.=...b..._6..K:....!......d...`D,fC.f..JJ....R....s5I:.1.LM..j...M.R....s...M/,..x2%&.%.L...9...7.3...|D..?....`....XL.......BZ...8......Gc.....U.a.Jk[...y.o~.k........?..e;...w6*...K.n.....d7g.eQ..m.....G["1..x....Tt.ys.9.s......H..w...*...F./;f..M.<.........r..M..&%

                                                                            C:\Users\user\AppData\Local\Links\World_Of_Tanks_Ru.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 11 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):125642
                                                                            Entropy (8bit):7.207168433253684
                                                                            Encrypted:false
                                                                            SSDEEP:3072:h0bh1dOEqWx054FKmMaPGmEz2ylJgeyIHd/Uubt1+UQN:hyZ028mMaPulGnI9Mubta
                                                                            MD5:6F05D1EA449BA3BFC87A28AE9F9C778D
                                                                            SHA1:6180A882FE0F319CD7C600206379DCE1BA419930
                                                                            SHA-256:C325F0525227884A8A7ECFA948BB713BFDE8D987212607B39EF6542DEC418366
                                                                            SHA-512:D95E3A6478FE556ACC6CA7177235AA4397087C197384F4B2740E92298AFD6F9A518C0BCE2B8569D5BC6322358AC488044B3669182E9B2CE154DBD3CF06511A1D
                                                                            Malicious:false
                                                                            Preview:...... ......................(.......00.............. ..........n...........h............. ..B..~!..@@.... .(B..bd..00.... ..%...... .... .....2......... ............... .h...b...(... ...@...................................=P\...'.t... 3I.........Vkz..........*7.....0BO.....bx..G]h.........................................M.............B.$ ............/.:J...........B. u.@.........$#.............B...#..@.......J..w.+.W,........W.w.+ +.......J...w.+ ... ....J\.....@.c......0..R..\..: .....0.;......:.....L.........:.....L..1.&....:.....L..1..@k..:.....L.....Mk..:.....A.f............A.f.f.f..o......L.......o4......................Q....,...........U[..UU.T......W."".""&%4@.......m-.".... ......`.....zr........[.....G`........wwwwq................................`................................................?....................................................................................................(....... ...................................$3C.Pep.....s...=NY...(..%u.Zo

                                                                            C:\Users\user\AppData\Local\Links\World_Of_Warships.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):68395
                                                                            Entropy (8bit):6.411823933066238
                                                                            Encrypted:false
                                                                            SSDEEP:1536:gz/7dgkP+6y4M2BWqttJ8ioWaWxx23rZ/:gzpgk26y4dB9t38FWaWxx23rZ/
                                                                            MD5:570761A7E30D245758DB8C897D9B4008
                                                                            SHA1:2FE8F0045BC3F1549297D553999AAC31500902A6
                                                                            SHA-256:9CCC82983E136A630F65B937C8B69D34B6B31B57D3A1862511BC6E7A6F882BB4
                                                                            SHA-512:65B2A5500382AB579F5E93BB5137BC540C5D4A4B8C63ACCFB8210A0577E10E8BA530BF7C858ED7E254747B383E8EFF53B6DC5187A3EBC2455D081EF858109131
                                                                            Malicious:false
                                                                            Preview:...... ......................h...N......... ..T......@@.... .(B...c..00.... ..%.....((.... .h...s... .... ............... ............... ............... .h.......(... ...@...................................(...+...,.../...0...2...2 ..4!..5#..7$..8&..9'..:(..<)..=+..>,..?-..@/..A0..C1 .D2!.H7&.I8'.J9).L<+.N=-.P@/.RB2.SD4.UE5.WH8.YI:.ZK<.[L=.aRD.bTE.fXJ.hZL.k^P.l^Q.m`R.oaT.qdW.reX.vj].zna.~rf..sh..xl..yn..}r...u...u...z...|...................................................................[.1.q.Q...q......................../...P...p.................. ...=.1.[.Q.y.q....................../.."P..0p..=...L...Y...g...x.....1...Q...q.....................&/..@P..Zp..t.....................1...Q...q...................../&..PA..p[...t...................1...Q...q.................../...P"..p0...>...M...[...i...y....1...Q...q..................../...P...p.................... ...>1..\Q..zq...................../...P...p.!...+...6...@...I...Z..1p..Q...q....................../. .P.6.p.L...b...x...

                                                                            C:\Users\user\AppData\Local\Links\World_Of_Warships_Ru.ico (copy)

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 65531 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):169897
                                                                            Entropy (8bit):7.689177789198009
                                                                            Encrypted:false
                                                                            SSDEEP:3072:+gla1wz3iUL8RhwlPzp0wi7NSmboJgZB+MGpUDkqAlWTnqgvc:LauzxewlLpPiwmb8MGpUhAlWrv0
                                                                            MD5:933D32720FD1BFBE455DBFCAC145E47D
                                                                            SHA1:471565CAC051D296A2258D3F7560B0F348E7A455
                                                                            SHA-256:DE9A8DFE847A50CCCABB873F9B4C05FBEFF5BD5A51D9C433F62B5502EDE26853
                                                                            SHA-512:E3D4674B114754F10711FCE46AFAF6F311EB93863710746933DCBB133AB1DA9E5C71B4D1EF8E3B6F72B9F099D9B5ADB33F0C14D4E726459E5644E9DCE4A33706
                                                                            Malicious:false
                                                                            Preview:............ .....f...@@.... .(B..a...00.... ..%...B..((.... .h...1h.. .... ............... .h...A....PNG........IHDR.............\r.f....IDATx..g.dU.=.*w.....<C.I.".".. .$.0....fQ1.d$.".%(y.09t..:Vw..Z.6.~.?..........s.^{.p.q...a..<w6y.s/.P..JL.G..Y.........z=.....ggg..t.5;.r....s..k....P^.{rr.511...e.Y..........y..T2.N&.n....y}...1w&.u....`^...D\.l...]...t"..d.D........!.4...+.k.r9WII...s.<>w|<...g...q{.L']..........r..h8....cre2.Wr6...-.w......l..BW6.v.9r#.#.....x}>...E<.w.\...;.H$....<.7fSIwr&..............\..&&'\~..y.<LNL.s...,&......Ig\!.stt.....r....i.2Y......<... 5...L..w ..kttt....%.%H.R.H~...S.x<..^.....w.....>...H(..?....C....5?FFF.r.QW[...!p...85.....g8.D6.....T...NLcjb...p...f...G..qD9...\Ow../.....B..\^0.e.d.\..P(..%x.l*.K.f9/yH..t*...............e.&'..._.....7.%.......^9^;755..d.\..L....P.k...O&....n......&...`^.;.....:..o^..w..........j....E..0..._.r....J..!..{H......W_.V.,...0$...@z..A%u.I...B4A..x.....0%....0..........#1

                                                                            C:\Users\user\AppData\Local\Links\is-2UNQ6.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):61779
                                                                            Entropy (8bit):6.4579038685489705
                                                                            Encrypted:false
                                                                            SSDEEP:1536:6YUQfEkYu2FbfQF/TVqsFQrJceeeeeeeeeeJ7ESPwwwwwwwwwwwww:6HQIp4F/TVqsetceeeeeeeeeeJ7Eswwg
                                                                            MD5:87EB9C48165034DED5F5E97B1AADF0F1
                                                                            SHA1:B554E5AED3F74B9606E8BC69B1E779BC65DC7D8C
                                                                            SHA-256:A3541F6C17EA039831A595841D5D5E60B0D32D8DE04CFCB839150E8605AB2DAC
                                                                            SHA-512:B86CC6CE4D6A60237C35983DAC77B9AA413547E27F0AF4F896EA4B1EAF9B26C45725E2C03378FCD721440DE83913F14166A6785666DD6EC00AD3FDF3402DF504
                                                                            Malicious:false
                                                                            Preview:...... ......................h...N......... ..;......@@.... .(B...I..00.... ..%.....((.... .h....... .... ............... ............... .....3......... .h.......(... ...@...................................-...-...0...3"..:&..=)..5$..=,..=-..D,..G0..L2..M4..L5..M8..P5..U:..U:..Z=..X=..Q9..T<..G5..D4..L;..B3%.L=$.J;*._@..\@..\B..UA..[F.._H..eD..iH..oL..tP..rQ..yT..}W..rR...\..jM..bK..gO..lR..xX..{[..pU..vY..~_..y\..~_..TB#.[G#._K#.aL#.aM$.aO..gP#.kS".kT#.oW#.kU,.oX,.tY#.y]#.v_,.`S:.t_5.}`#..d-.|f6.|g<.~lG.{kM.odY.wkW.}nR.ti_.~pV..[...^...b...a...e...h...k...m...p...b...b...c...f...i...m...l...o...s...r...u...x...r...x...y...|...y...|...~.......c ..d#..g#..j#..m#..g+..j,..m,..q+..p#..s#..v#..y#..t+..w+..z+...:..|#..~#..}*..rO..tO..vK..tS..vS..uX..z\..~Y..y`...........=...$...#...$...$...<...V...X...O...T..._...T...V...h...b...b...g...r...w...}...`...e...n...w...v...~...{..V.....................................................................................................

                                                                            C:\Users\user\AppData\Local\Links\is-4030Q.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):119089
                                                                            Entropy (8bit):7.89966085473611
                                                                            Encrypted:false
                                                                            SSDEEP:3072:7e99XxN3lq1D3g8No7h9+VSoYD6ySVYCzs/caE:q9xtqq8N0yVJa6ziCAcaE
                                                                            MD5:48E2A9CD8F081337351CD1EFDA38F100
                                                                            SHA1:F1017962F97AC1C533A988DD924C8275A7796BE7
                                                                            SHA-256:BD231A69F035E73BF91559AB3BB689D1459D15B5AFE186A9E26AC8249C9BD788
                                                                            SHA-512:65E5C193026F5947DC72A01C0BFE7EF4055DC433243B054D323287A8990F457F9B87B893EA7DFACF585170C2A51632E053F36CC5DD870FDD1E69168650399BF7
                                                                            Malicious:false
                                                                            Preview:............ .h...V......... ......... .... .....F...00.... ..%............ ......D..(....... ..... ............................]..................'...-...0...0...-...(... ................]............."?...1...7...G...L...G...C...7...2.!$@.................#%7...(..3e.dhy.%*P...X...l...i...S.#)N.fj{.27g...+.'(:...!.;>V.|}..03P...`.ox..dp..?O....}...|.;L~.dp..ox....`./2O.{|..ABZ...5.QU{.uy..$+e.Rb..5J..Li..[...Z...Mj..3H..Sc..#)d.vz..VY....=...$...C..6..jx..h...R{...-..3c..4d...,..Kt..i...hv..18....J...,...)...@...f.DU......~....C...?...=...@..{.......IY....l...I...0...+...C...Y.&6}.~...N....D...F...D...B..N...~...*:....c...O...8...)...8.@Jj.r...0L.......9...C...F...>...4..2N..u...IQo...C...7...5.`d{.........n...w...i....H...J..f...t...m...........hk....>...4.)0d.*3{.+8..CS..........3`../]..........GX..3>..2:..38o...=.......'...=.)0f.NX..(9..Rm..d...^...To..+<..QZ..06m...G...3...$.......-.15Z.$+i...l...}.&4..........(7....~...s.*/p.69`...4..........!7...2...3...G...W...m...........h...

                                                                            C:\Users\user\AppData\Local\Links\is-4FOIB.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):370070
                                                                            Entropy (8bit):6.277664543678692
                                                                            Encrypted:false
                                                                            SSDEEP:6144:ouLUrUJY7PFYKWBON/auOquEZ1ccpxAWcfAYG:fLU7ZYKWBOwqbxA
                                                                            MD5:B6D51380877697D140012DC4B346A5CF
                                                                            SHA1:40F6EFB11D8D8E88771F18C80D06FF4C36DA74B1
                                                                            SHA-256:E9C0FA9DF4BD62EADA275D67E7D79B609D6B9DA0F7921C07A7EB0DDDFB3690F9
                                                                            SHA-512:22EB1E4DCEA0318972EA9EC2D1449BFEE9AB362B30A50718476C306D8B79EE8870D44E300829B224EBA0B1058BE661FB58ED42E80EF9E048E0D5E80F1B5348A8
                                                                            Malicious:false
                                                                            Preview:............ .( ..f......... .(.... ..@@.... .(B...(..00.... ..%...j.. .... ............... .h.......(............. ..........................nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..mV..mV..mV..mV..mV..lU..lU..lU..lU..lU..lW..lX..lW..kV..kV..kV..kV..kV..kV..kV..jU..jU..jU..jU..jU..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..hS..hS..hS..hS..hS..hS..hS..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..gR..hS..hS..hS..hS..hS..hS..hS..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..iT..jU..jU..jU..jU..jU..kV..kV..kV..kV..kV..kV..kV..lW..lW..lW..lW..lW..lW..mX..mV..mV..mV..mV..mV..mV..nW..nW..mV..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..nW..n

                                                                            C:\Users\user\AppData\Local\Links\is-4R2DA.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):177054
                                                                            Entropy (8bit):5.019215074360834
                                                                            Encrypted:false
                                                                            SSDEEP:1536:+70F/i47eRU5ZqOb1z+2HAi5UgSsSNQr5OPRGbjvxodpPD+cS7Du:+YF/i47D5wObF+2HPygmYwWvxGLku
                                                                            MD5:789145C717BA38B5224868D95BAC41B5
                                                                            SHA1:B011C718F7CCFDD3CAC15E50792E2CCA58616767
                                                                            SHA-256:CA92E3FCC37F510ACB4E64F2E277397D0D53A050090590AC8B3C82FD2A3ACB5B
                                                                            SHA-512:76D4677A5191C8B54227EE1B25EAC09A6C57C1D5BA1C0A038C7E9B9F011D56594661C659303C47550F6AC172A3A131782A07B6A8170A642957508B5862C5B947
                                                                            Malicious:false
                                                                            Preview:..............(....... ..............00......h...............h...N... ..............00..........^......... .h....(.. .... .....n,..00.... ..%...=..@@.... .(B...b..``.... .............. .(....9........ ..q...A..(....... .................................................................................................$.4....C.B..... .0Ppp ..p....Pp...sxv..W.h..p.A.....pp$'...p.P..x..v. g..p.p.......p`B...a.p.!.pp..R@.p..`.. ...a..4.....`...................................................................(... ...@...................................................................................................$0BA%.R........`...4.A..p@....B.! RA$.C..$0....aF. ..`..BP...@4..0RA$.A.0.C...BAaB.0C.0p@p.......%.A$'..s.!@.@4xw.@'P..xt0R...@(.u!..`h..@%$.@4x..ph......@.p.....w..g....!`..ax..P...X.. P%!B./.. ......C...!B_.....`x...pBR../..p......R@0.aB_.....`x...%.C@4(.........4.0.4....q..ao...R.RA h...`.......`$0P...p..p....$........a.....`P`BP ...p..p.....A0......@..O..4. BP x.q. a.7...C..!

                                                                            C:\Users\user\AppData\Local\Links\is-5S6OB.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 9 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):46638
                                                                            Entropy (8bit):5.344893412879459
                                                                            Encrypted:false
                                                                            SSDEEP:384:TaT0nlIOpGqxsluTTAbWSrv5fYSesQFh0h/8OZlWgQNZZKPX91DJBtWAVkR8zGUQ:T3tZmRvyoiEjMrZZ2N1DPt7VjGcqj
                                                                            MD5:253EDDB9F0DAACE75747A736426DDC9C
                                                                            SHA1:FD51C992DFB1DE785FBB100E6CF1EA62E2716A85
                                                                            SHA-256:7E8306576D2F647AAA962F72623B59B041B6E55CE7BEAC206D9F6170EC89AB76
                                                                            SHA-512:C840450A44370AADB5585A13A20F61F7B0EEDBE9BD6B53400AF5D4DC9F6D334E78EF64C9D15E7289E9B4F89BD0F67F4ADF85E01FE26CD99C1013DF6D0682EC14
                                                                            Malicious:false
                                                                            Preview:...... ......................h...>...@@.... .(B......00.... ..%...P..((.... .h...vv.. .... .............. ............... ............... .h......(... ...@....................................Rz..Uu..Wt..Xr..Xu..Wy..W}..Xy..X}..Xn..Zr..Zu..ct..dv..hu..dz..d}.rQ..]P..PM..RO..VP..\Q..lX..tV..~V..yU..hU..nT..aR..hS..o\..i[..k\..rU..rU..sX..v^..._..z_..t]..q]..ha..kh..rb..tc..|c..DN..IN..HN..DO..PO..OV..RP..RW..VZ..YY.._Z..ZZ..T[..S\..QK..RM..SR..SR..TR..UW..YV..V[..W\..ZY..\Z..[^..cZ..e\..a^..]e..Ci..Zf..Xa..\h..Zh..Zl..Cp..Ct..Ls..Cx..D}..~w..gg..cl..ji..qo..kq..fz..fz..`~..ry..sw...W...W...X...X...X...W...W...X...X...Y...W...X...X...^...W...X...X...^...d...d...d...a...d...e...d...d...d...d...s...v...|...v...v...v...v...V...W...Z..._...X..._..._..._...a...k...|...n...v...v...x...v...t...z...z..D...D...k...q...s...D...D...D...E...l...k...l...l...m...{...E...E...F...F...F...F...G...G...L...m...m...n...{...{...|...|...o...n...o...|...}...~...~...]...q...p.......p...x...~.................

                                                                            C:\Users\user\AppData\Local\Links\is-8JGDF.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 39521 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):290383
                                                                            Entropy (8bit):6.021235719174033
                                                                            Encrypted:false
                                                                            SSDEEP:3072:P/0MZhJMslJ4BADKKduSRLO9MXqqo1kYgKg7iHfXR0fcVrqzm3SytBJmNM:hZhJMyJsL6Q9M6/1FgTu/XRkSGqVP8M
                                                                            MD5:7675ED23B17F38B26F3F7E9115ED0C4B
                                                                            SHA1:0D4817EE03CAA7432FBF503EBD450C948B1E3A67
                                                                            SHA-256:47F208F29240B4E5C7D21C1A006424A20DDD7316BD2C787D0C21B1ACAAA7B572
                                                                            SHA-512:7EED5A791EB2D361A25CE5C10C9926BFD4346E0ABA82035D47C5B1BF43684BA3C685DBCD0AB54D28BC459C8D404991F9B1F2E05923387F72072910C7418D9FDF
                                                                            Malicious:false
                                                                            Preview:............ .a............. .(...'...``.... .....O...HH.... ..T...7..@@.... .(B......<<.... .H:......00.... ..%......((.... .h....... .... ......H........ ......Y........ ...../c........ .h....i...PNG........IHDR.............\r.f....IDATx.....u.>\.s....N...]r...dAQ..1..(....=#.......(.DDV...6.yvr.{.g:Nw..S....w....?>.N._.oU=U.T.A.n..l.l.p..SO=...3........./7........W..?{/.o._.j.o}.?...G.....9....W....b?..m|.wym.....O..w=.>.......OG..l3..wqt{.f..G..N<.xX.%..%...........'.......3......{G....;...+..t..!...sq......w.....z..}>..D.|x.v..k*......#.N....0..!..}...q.....f.*........q..nz.{....^....b.yq9=b.Y.f.Q.......J.e6..\nc:.....j.....m..L&/....d2k6..h4.R.{!....(.L:3::n......q.=...b..._6..K:....!......d...`D,fC.f..JJ....R....s5I:.1.LM..j...M.R....s...M/,..x2%&.%.L...9...7.3...|D..?....`....XL.......BZ...8......Gc.....U.a.Jk[...y.o~.k........?..e;...w6*...K.n.....d7g.eQ..m.....G["1..x....Tt.ys.9.s......H..w...*...F./;f..M.<.........r..M..&%

                                                                            C:\Users\user\AppData\Local\Links\is-9ATD6.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):123419
                                                                            Entropy (8bit):7.902599099392098
                                                                            Encrypted:false
                                                                            SSDEEP:3072:LTz2icC/yuC/YaMoizlFfm2DLBdwshcKvfIr9gYM9wqVOGKh:LpvW/Yagzvfm2fBdwsLISpsH
                                                                            MD5:A552E47FAD3FD60DCDA984EACF1A1055
                                                                            SHA1:A9607441FD6AE3B84BBDF825EC16EBEB1F651240
                                                                            SHA-256:A2FE698234DEBF8205FC7A90410EE4B074A07C49AE8B3C70C7F124A006EB70BA
                                                                            SHA-512:6769744790DA1C53FDD922B05D43C0F9A772A4B45123ADD61DBC27FD8227627E0840E0F2EE10EB211C13159CDC1D292C5C89F99D2C04184966CB873F6CDF2F48
                                                                            Malicious:false
                                                                            Preview:...... ..........f...........h.......@@......(2..v...00...........@.. ..........F]........ .-x...i..(... ...@.......................................................................................................................................................................................$...%...,..."...*...!...,....!..# ..!!..)#..6 ...."...&...*...&...)...#...!..."..."... ...)...*...;...1...4...3.!.". . . .%."./. .1.. !..!,.."3..#9..,?.!!!.$"".#%#.""$.%#%.#$%.%%%.)#".))&.! *.$ +.&&(.%%/.(&*.&().+++.5-".1-,./0/.=3".32-.<5,.<:,.#$2.%)4.--2."'<.$+<.0.1..13.+2>.334.876.<:4.569.86:.788.;;;.A9-.A>=.K=9.?@?.CB=.KE>.PE:...N...P..0J.. [. '@."1C.>=B.56L.(4W.,8R.@=A.?@A.,Bi.1Db.$Hr.<Wt.6P~.;V{.BCC.IFE.IIC.EDH.JFL.GII.JJJ.SMM.SQM.KKQ.POS.NRR.OVY.UTT.XSQ.WXU.TUX.Z[[.f[M._\`.P\j.ATq.Nau.bbb.nln..I../\..0Y..1K..%i..0f..7l...e..5o..9r..4y..>~..Ee..Vi..^p..Ae..su..||..Hw..Pt..Mt..;x..?...y..._...\...t...y...i...e...7...>...H...B...t...D...J...I...N...S...R...X...]...f...h...s...s.................

                                                                            C:\Users\user\AppData\Local\Links\is-BN5AC.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):105166
                                                                            Entropy (8bit):7.7139071879226995
                                                                            Encrypted:false
                                                                            SSDEEP:3072:PKCynz7MEh8NItezQf/NNAzNOSfaCY7iqhNzH71R5SVMIhk7gNui:PKCGzYBnUHNS3CDWQdH7g/5Yi
                                                                            MD5:1716EA325B5A0426A9D0D3B8F46E9EBB
                                                                            SHA1:7BE6A62DB7E76971F95899E1A61BBD1B30390DE5
                                                                            SHA-256:0A56962379CFAB01A4492D4CCBB45D7257E493A2F778D0F1A00A050789546A6F
                                                                            SHA-512:26F4AA571469A5BD0FDDD122AF43D05FADDEB65537B93CE68397B2A0EDC87D7D18AC9E0A9AC1372113777C3173DA5CFD65032E16306F88432D3FADDAA4C7E761
                                                                            Malicious:false
                                                                            Preview:............ .h...V......... ............... ..9..F... .... ......G..@@.... .(B...X..(....... ..... .........................+...+...+...+...+...+...+...+...+...+...+...+...+...+...+...+...+....Zp.....%...+....g...Yo..%-..")..Qe..h..+...#........").+...+....M`..9G...".&....'0..................)2."....m.......$,.+...+...&....8E..&/...&.#....HY..n...Yo..9F..|.......ay..$,.'...+...+...(...&....#+......").&...+...+...!............BR.'...+...+...+....]s..."......")......$,.(...#............#+......Xn..t..+...+....IZ......9G.%....."...&..............#+.'....=K......Ob.+...+....,6......Vk.+...%................#+.'...+....c{......9F.+...+............K].+...$............#*.%...'...+....\s......!(.+...+....Yo......AQ.#............#*.$....0:...%.&....Ti......Pd.+...+....`w......u...........").'...)....4@.......$."....!(..d|.+...+...*...!............").&...+...+...&....5A.......#.$...)...+...+...$....0;......").#....FV..;I..IZ..7D..u...6C.......".&...+...+....r...2=..!(.'....M_...................

                                                                            C:\Users\user\AppData\Local\Links\is-DKHB6.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 12 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):128636
                                                                            Entropy (8bit):7.155809040235002
                                                                            Encrypted:false
                                                                            SSDEEP:3072:vL+ADy94lYx5yq+fz9zGQJq7v7CPxSxLiB6tErthJGeVZYS16:j+r94lYiq+b9zVJqD2SxmBFhMeVib
                                                                            MD5:379E686024A856F0DA35F2A6AC563B36
                                                                            SHA1:A2569DA9FC0D43AA7B7E8CEB917B1B93E847E409
                                                                            SHA-256:27D4A20DF717CBD77A1594654AB79F625B25E57C63F8A5592D0F498B3DB41CD2
                                                                            SHA-512:214035188CD4186DF7F826C60003EF5680AED261EF30F98FA233D31D2E56583A2749740BADFDA5B9B4907172D35A1DAE0DC11C79AA5ACCCA6D03E27DB904CBDE
                                                                            Malicious:false
                                                                            Preview:...... ......................(....... ......................h...~......... ..<......@@.... .(B...N..00.... ..%......((.... .h...... .... .....,......... ............... .....\......... .h.......(... ...@.....................................................................................................................................................q...p.........................q......p.............Q.........q..................................wpwwqqwp......q.Ww..qw.w......qw.q....w.p....7.wwwwww.ww.....yww.xwxw.wp.....w.wwww.wpwpw...wx.s..w.7wxp....sw7wsy7www......sw.w7y.w.xpwxp..{....w.x...xxx...w....7...........................wwxy3p...........wwy.0.............s.x...........wy9............w99............w7...s.............{.................x............................................................................................1... .....'..........!... ....s...A......?...?.............................................(....... .................................................

                                                                            C:\Users\user\AppData\Local\Links\is-G0NRQ.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 56059 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):221289
                                                                            Entropy (8bit):7.4944997152221
                                                                            Encrypted:false
                                                                            SSDEEP:3072:rv6WXQ34qq7Sy/l09G8tnqMgVEFXuFZozPlbaRS8XD34FfFFAftq1tUYt:rxXQ3y/CDtRFyYaR9XL4VFFA+vt
                                                                            MD5:788C5DE1CA3F7DEBBB1823FF783A1E43
                                                                            SHA1:87EAA23CAC63259CE99EEF44BC3CFF7695174777
                                                                            SHA-256:118E9D651DB0723494B66C74C907111FA6B5BB648EBFF26CB1BC2CC26E9E4819
                                                                            SHA-512:746E6464EA1D08F427A6FF3B281F871AC30167C1B80AB80EBA08F8F323BA6D70D6C1AFE1D6BAF21F919DFBAFF042BDF6A467E00D6F079BFDBCFF628FA1A9BFBC
                                                                            Malicious:false
                                                                            Preview:............ .....f......... .(...a...@@.... .(B......00.... ..%...%.. .... .....YK........ .h....\...PNG........IHDR.............\r.f....IDATx...eIv......|..1ed..YY..*.P.Y @...D4[.u....e2.....I....'=.L&.d&...H6H6. ....j@eU...1..{ow_zp...{#.@.E.p.=go..k...%..............LAD.! X.s.cP.........zD......1...h....~V.{..|..k...u...+..y..w....K"..\......@..@.....^..1.u.F*T".`"`".@..vO.{.FD.#......#...w^....X/_....._~@..x..=.. .tK""...B.......}l.@.....{........7..pv...7......q..c.T,...V.o.cD5@.7K....h ...._...T.,..EU..B..=h........1...n.l.K4.....?O..A.../..E.\./mSS/...1.......&=y.........,NX,..........QP.c\.1..XkA..c..^z..............1 b...EE....]?L...C......J...M........k.....{.^.."....._.k<v>g..,... .`.K......&..&-...H6..F...q.R.#P.s..f.)......_.k.}$W.H......K..?...v..K.......%.zN5.`]..".t...1D".....`.C../.....FI.A........_........'.-.....#.X..#.....c,.Hzt...s&....Ac$....b.m....,..W.F.F.(1(.,.F.L5F\..G.....@......u....p.<QC~l.#....6Y.%....v..X.

                                                                            C:\Users\user\AppData\Local\Links\is-HK1LU.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 11 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):167967
                                                                            Entropy (8bit):7.758469781882347
                                                                            Encrypted:false
                                                                            SSDEEP:3072:wYvKeEskYu4XyGdfJyzDOWxk4QuPTymeurdTdDK+DYbUvvDrGBezsCSrLsNZ850y:lKeEskYu2xSOWxkRubOur2yHVNZBgt
                                                                            MD5:17465E5AC8EF4EF7D8942E1EAED88B60
                                                                            SHA1:180B401E0C1E95C24960108649334D774A540673
                                                                            SHA-256:456ABBCC4FCF75EC4AD6C43D4E3A007B4AB57717474DF8FB378CD0BA347E4386
                                                                            SHA-512:108F492F42AC638E645A0171DBFB1236DC3CD5822BFB9612D4D523141DA5C9E7B33345F22EB03C83C5DDD8A05881689D5B096477684A7A42C4D67286DC02ECAF
                                                                            Malicious:false
                                                                            Preview:...... ......................h...^...``.......p...... ..........n...........H...............(...^...........h............. ..q.....@@.... .(B......00.... ..%...P..((.... .h....u..(... ...@......................................................................."...#...+... .....#..."...*.......1.#.&.*.%.2./.$.:.(.;.4.0.$##.)%&.-**.3$-.0--."&3.3 5.:%3.0/4.?*4.3#:.=+;.-3=.633.955.769.<:;.C/:.B3=.I4?.@=>...H.%.G.*.F.2.F.&.U.).X..+I..3U.$%@.7%E.,2A.17@.+ X.;'Y.$9Y.89S.).e.2.k.+.v.-#n.:'f.:7j.<)t.<>p.G8G.E4V.P=V.@.j.E9k.H7s.,B[.?BU.-Cc.)Gl.0Dg.4Qm.?Pl.)Jr.5Qs.9Tt.2U}.?Xz.ECC.IFF.BCI.NBI.GHN.NKK.SBL.PMN.BDS.NFT.AIU.CEZ.KDY.YFQ.UKQ.YKR.RD^.WO\.\L\.URR.[WW.VV].^R[.\Z[.cR\.b[^.@Oa.LOj.WFd.MPm.UUh.QAw.CYv.GRz.TXu.fXg.q_i.gYu.]i}.dbb.hde.ndj.mkk.qbj.pln.hjw.uht.urs.xuu.wq~.}t{.}yz..u{..|~.-...1...0...:$..3 ..9 ..O;../Y..:Y..9e..NH..gZ..`S..Ac..\e..Tp..Vj..Hp..Er..Hu..^~..hk..tg..jv..{v..tz...w..sz..cw..mq..j|..b|..i...pt..Dw..N...hy...y......w...z.......X...P...W...X...[...d...v...n...{...d.....

                                                                            C:\Users\user\AppData\Local\Links\is-ITF4A.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):127495
                                                                            Entropy (8bit):6.196066933594974
                                                                            Encrypted:false
                                                                            SSDEEP:768:LdKpp5jextXicch+Su0GGKlrspyLS0xAIvf6QMZPhxmsJLAkz182xmsVspLmOaam:vkH+BpdspJ0xnfcCvO5utY
                                                                            MD5:9757C1521025641E9E4315E6212106F5
                                                                            SHA1:A79A3363C6B382DBF71C6663852E125EA7CB56B8
                                                                            SHA-256:84421E8D61D3927B1C61BA8299BE1A7D698FF92E00944645DB04977EEBDAF6AD
                                                                            SHA-512:57B4459077BE18CE011133705063CEED31DF8D53F8146204F8E73CEFF811C4F24AF9DC65D475C825B65BB21192D5B3FE76835EAB2B972B8221FBF286967C305B
                                                                            Malicious:false
                                                                            Preview:............ ..l..f......... .(....l..@@.... .(B..'u..00.... ..%..O... .... ............... .h........PNG........IHDR.............\r.f..l`IDATx..}w.....gf..( $...AB.(2&...c.mp....s:..|...g....3.9..d..,..I......6.t.......=.....-}.v..........f.hC...6...mhC...6...mhC...6...mhC...6...mhC.......H......XL68.."C..S.="...,.;.~..0.?.H.'....GY.}].......2...g.h.x.`.(..........(96...[.@..L.....(....V..N.\....`.#........B.-..........1..........T.....-...G......%'.... ..Gk..}...>..3.7.2....w....6.`...8p}.n(.T..N.8.6{4....w..6.x|5..g(..WX...X...7...?....X.Mt[....{..1.Cpm..*.{8.o....e..P]t.0.X;...h.;.&t......aro..a......C..."r4ZS......I.G.h..F.....I_T....}D...a.k...:...}C#.sd.......c...w..S...F..V.6F;..~.{L.M_.~.;.z.....C|......f..}KacoG../..7e`........)z.......].....X....bcy9....;.u.+........}f..j=;.o.bn.o.;].Tj...a.7..Z.o.....c."....k.c.Eb......N.?.q.L?ZLB.....d~......h..l.;.....v..G..p5..j7..f.".....*.6..g...z|$..6........^...).....;.6...s9...Y.[.

                                                                            C:\Users\user\AppData\Local\Links\is-L837A.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 7 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):21366
                                                                            Entropy (8bit):7.923035970136854
                                                                            Encrypted:false
                                                                            SSDEEP:384:Ig46j7z/57zhTIh9EBjOP8c6KR6k351bxR8biituFdUo/csBDJwjDc846+p:Ig9/zplTIh9EBSP8c6KYg5ffitOpc6Jn
                                                                            MD5:5F7C3B5821E9758E783E0E0912D5E060
                                                                            SHA1:FACAADFBF7E62907A97406A1BB57CCE8D43EEF78
                                                                            SHA-256:805B4C1CAB106CAF2F33D15FB7C8849436DD2535457E8225938982EDB667D5F3
                                                                            SHA-512:CAD9321E7F7D1B29309F5FA4AC3B62C8D3596E30F71BE88E6DCDDB03646FC4FF91A9F84DAA70AACBDBD0058D1F8F0BCB63A12643E76639DEBFEC69DF28EE6B56
                                                                            Malicious:false
                                                                            Preview:............ .....v......... .+...*... .... .8...U...00.... .........@@.... .....e......... ......$........ .....s?...PNG........IHDR................a...{IDATx.}SMH.Q.=.}o|.Z.VH..3h.B...q.D...Z...r...P..!.Z..*....U....r A.r.ZHY.:.7~...i..F....9...X.$......,._l..../! )........zz.....C..gG.....ys.&...Z0.ZZ<..I9H.&.K$.|..H..8t.9wjk..).o<.......[..*..........rOvph(s.^.h.r...J.P........2....imLi4.ELkd.;......PT...`..@xF..vUCi.,...].".=.Y.X..C..O..U.. ..7Dy.......z[:...%.K%...............?m.'....._..........li.Tg<.....dL.R:.>....;.6...}.e....W..s..v...#..T..=....eK..... ........:.53...6.3f.Pv......&......8.J$.h.5...@...`jj2fL0i..1.....#..Iv....]...X.B/...b..c_...hey...D..z.}.n..~[....Xk...Y..-...I>._t..H..5...@.." .dr...l<...._.T,Z^.#./..S.../.y..`E..t....`N.~......IEND.B`..PNG........IHDR..............w=.....IDATx..UKh.U.....g&.8I.J.R..S."E.b..m.>@.1.-.V.....\8....H."}..>.E......"..}XKE..HIg....|.:.c. DzV.{.....{..-6Y.!.... ......$........-.R.n..6..I.O.

                                                                            C:\Users\user\AppData\Local\Links\is-MD8VJ.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):61779
                                                                            Entropy (8bit):6.4579038685489705
                                                                            Encrypted:false
                                                                            SSDEEP:1536:6YUQfEkYu2FbfQF/TVqsFQrJceeeeeeeeeeJ7ESPwwwwwwwwwwwww:6HQIp4F/TVqsetceeeeeeeeeeJ7Eswwg
                                                                            MD5:87EB9C48165034DED5F5E97B1AADF0F1
                                                                            SHA1:B554E5AED3F74B9606E8BC69B1E779BC65DC7D8C
                                                                            SHA-256:A3541F6C17EA039831A595841D5D5E60B0D32D8DE04CFCB839150E8605AB2DAC
                                                                            SHA-512:B86CC6CE4D6A60237C35983DAC77B9AA413547E27F0AF4F896EA4B1EAF9B26C45725E2C03378FCD721440DE83913F14166A6785666DD6EC00AD3FDF3402DF504
                                                                            Malicious:false
                                                                            Preview:...... ......................h...N......... ..;......@@.... .(B...I..00.... ..%.....((.... .h....... .... ............... ............... .....3......... .h.......(... ...@...................................-...-...0...3"..:&..=)..5$..=,..=-..D,..G0..L2..M4..L5..M8..P5..U:..U:..Z=..X=..Q9..T<..G5..D4..L;..B3%.L=$.J;*._@..\@..\B..UA..[F.._H..eD..iH..oL..tP..rQ..yT..}W..rR...\..jM..bK..gO..lR..xX..{[..pU..vY..~_..y\..~_..TB#.[G#._K#.aL#.aM$.aO..gP#.kS".kT#.oW#.kU,.oX,.tY#.y]#.v_,.`S:.t_5.}`#..d-.|f6.|g<.~lG.{kM.odY.wkW.}nR.ti_.~pV..[...^...b...a...e...h...k...m...p...b...b...c...f...i...m...l...o...s...r...u...x...r...x...y...|...y...|...~.......c ..d#..g#..j#..m#..g+..j,..m,..q+..p#..s#..v#..y#..t+..w+..z+...:..|#..~#..}*..rO..tO..vK..tS..vS..uX..z\..~Y..y`...........=...$...#...$...$...<...V...X...O...T..._...T...V...h...b...b...g...r...w...}...`...e...n...w...v...~...{..V.....................................................................................................

                                                                            C:\Users\user\AppData\Local\Links\is-MFFL2.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 65531 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):169897
                                                                            Entropy (8bit):7.689177789198009
                                                                            Encrypted:false
                                                                            SSDEEP:3072:+gla1wz3iUL8RhwlPzp0wi7NSmboJgZB+MGpUDkqAlWTnqgvc:LauzxewlLpPiwmb8MGpUhAlWrv0
                                                                            MD5:933D32720FD1BFBE455DBFCAC145E47D
                                                                            SHA1:471565CAC051D296A2258D3F7560B0F348E7A455
                                                                            SHA-256:DE9A8DFE847A50CCCABB873F9B4C05FBEFF5BD5A51D9C433F62B5502EDE26853
                                                                            SHA-512:E3D4674B114754F10711FCE46AFAF6F311EB93863710746933DCBB133AB1DA9E5C71B4D1EF8E3B6F72B9F099D9B5ADB33F0C14D4E726459E5644E9DCE4A33706
                                                                            Malicious:false
                                                                            Preview:............ .....f...@@.... .(B..a...00.... ..%...B..((.... .h...1h.. .... ............... .h...A....PNG........IHDR.............\r.f....IDATx..g.dU.=.*w.....<C.I.".".. .$.0....fQ1.d$.".%(y.09t..:Vw..Z.6.~.?..........s.^{.p.q...a..<w6y.s/.P..JL.G..Y.........z=.....ggg..t.5;.r....s..k....P^.{rr.511...e.Y..........y..T2.N&.n....y}...1w&.u....`^...D\.l...]...t"..d.D........!.4...+.k.r9WII...s.<>w|<...g...q{.L']..........r..h8....cre2.Wr6...-.w......l..BW6.v.9r#.#.....x}>...E<.w.\...;.H$....<.7fSIwr&..............\..&&'\~..y.<LNL.s...,&......Ig\!.stt.....r....i.2Y......<... 5...L..w ..kttt....%.%H.R.H~...S.x<..^.....w.....>...H(..?....C....5?FFF.r.QW[...!p...85.....g8.D6.....T...NLcjb...p...f...G..qD9...\Ow../.....B..\^0.e.d.\..P(..%x.l*.K.f9/yH..t*...............e.&'..._.....7.%.......^9^;755..d.\..L....P.k...O&....n......&...`^.;.....:..o^..w..........j....E..0..._.r....J..!..{H......W_.V.,...0$...@z..A%u.I...B4A..x.....0%....0..........#1

                                                                            C:\Users\user\AppData\Local\Links\is-PBPOA.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):140822
                                                                            Entropy (8bit):5.211454945859278
                                                                            Encrypted:false
                                                                            SSDEEP:3072:U+wkTvN8//1s6npvjWQC42gyYKKGR1b+J:UETUmQpvhKg9Y1M
                                                                            MD5:BA88D80B361B52CCF74A1040001E38D2
                                                                            SHA1:7564B7A2BA3BFA75E3664B6A3234641D2C25D531
                                                                            SHA-256:49424D629656FB96B170DAE7CAA671ED5D746E8094ADDFCA183CC859EEC62B87
                                                                            SHA-512:3018BB435F5D53509F7BBA6AD0B65D8CE410E987DE0BBC5C8B8FCF35E0DFABD5EB6EE9F429F4CD102E357EEB321E95012F9A6E0D2403755E51F5EA2AC299FC56
                                                                            Malicious:false
                                                                            Preview:............ .....f......... .(.......@@.... .(B..6...00.... ..%..^... .... ............... .h....!...PNG........IHDR.............\r.f....IDATx..u.$.u.....Y.....=..=3..H#.,.l.m..ow.....z.o.ye......z.i.....2..*)..#2......T..dWfdD..q.=|....Aw..w.!.m..u.^...A...X.G...bo......`...Z..*..........>`/@.d...0.2...tU.........l..)...z|..vXe..1.. >.b.D .....@c.....*....G...s..6.[$".Z.s......7...>`.......*..&b.....z.T@r...o..K...-.s...Fa....P(A.;.V..}.......[.7....&Eg.1.?$....R...W.C.!.....W..b......H6...MK.*.z`.H:.^..._.G.U.p..........C..(...{..n ..x..;`...U.p..#.z.<..KHaG.Y..sE.....&w.......:V..`...P.....e.m..?...o...%.D.2.U.Xe.7.b.+.~).3...'|9.Mt..2.A....V.....2...f.V.X..U....e..8.@J.....+_.........&A{..mU...5.......j4. .........)E..:V..M.U.p.A.....d.F.......@.@..Z:+.Q.e.1,...o..+.R..u....*....^..Q*..b.f.-..u...;.....>M(....}g....`.bU..Y...n..."...X4._.z.$..S.iZ.]d.R...^..t.....3......cR.J.7+V....m...N.r_...~).R.Na....7."...dc-]G.0>4.P...0O@J."8.*..Xe.70...KH.

                                                                            C:\Users\user\AppData\Local\Links\is-RTAH9.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):68395
                                                                            Entropy (8bit):6.411823933066238
                                                                            Encrypted:false
                                                                            SSDEEP:1536:gz/7dgkP+6y4M2BWqttJ8ioWaWxx23rZ/:gzpgk26y4dB9t38FWaWxx23rZ/
                                                                            MD5:570761A7E30D245758DB8C897D9B4008
                                                                            SHA1:2FE8F0045BC3F1549297D553999AAC31500902A6
                                                                            SHA-256:9CCC82983E136A630F65B937C8B69D34B6B31B57D3A1862511BC6E7A6F882BB4
                                                                            SHA-512:65B2A5500382AB579F5E93BB5137BC540C5D4A4B8C63ACCFB8210A0577E10E8BA530BF7C858ED7E254747B383E8EFF53B6DC5187A3EBC2455D081EF858109131
                                                                            Malicious:false
                                                                            Preview:...... ......................h...N......... ..T......@@.... .(B...c..00.... ..%.....((.... .h...s... .... ............... ............... ............... .h.......(... ...@...................................(...+...,.../...0...2...2 ..4!..5#..7$..8&..9'..:(..<)..=+..>,..?-..@/..A0..C1 .D2!.H7&.I8'.J9).L<+.N=-.P@/.RB2.SD4.UE5.WH8.YI:.ZK<.[L=.aRD.bTE.fXJ.hZL.k^P.l^Q.m`R.oaT.qdW.reX.vj].zna.~rf..sh..xl..yn..}r...u...u...z...|...................................................................[.1.q.Q...q......................../...P...p.................. ...=.1.[.Q.y.q....................../.."P..0p..=...L...Y...g...x.....1...Q...q.....................&/..@P..Zp..t.....................1...Q...q...................../&..PA..p[...t...................1...Q...q.................../...P"..p0...>...M...[...i...y....1...Q...q..................../...P...p.................... ...>1..\Q..zq...................../...P...p.!...+...6...@...I...Z..1p..Q...q....................../. .P.6.p.L...b...x...

                                                                            C:\Users\user\AppData\Local\Links\is-SCAA3.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:Targa image data - Map 32 x 41776 x 1 +1
                                                                            Category:dropped
                                                                            Size (bytes):139366
                                                                            Entropy (8bit):7.769766610849165
                                                                            Encrypted:false
                                                                            SSDEEP:3072:L8Nr2pMnt5d73e3JUsk7KHvwM9yycKDZqP5HxLgo1:L8Nr2Itj7mJ8u4zyxwzb1
                                                                            MD5:37553947ABF9E76B4E9D60DB6EC7CA4F
                                                                            SHA1:8E823D2F960FFEF28B8D99FC95D7BB215DC6B96F
                                                                            SHA-256:765AF45B34EF72FBA2639CC3A397A8D14C0C1A5EFF88B299E78EF0B507F4D9D6
                                                                            SHA-512:C1756EC19AB0D028346B90C87C63E0A87977C7751A9E584B3429B7EE01B283417431F4E1437D7AE007DBBE2BA14CB271BDF42FD954FE3A340B14104EC43E8499
                                                                            Malicious:false
                                                                            Preview:............ .0...V...@@.... .(B......00.... ..%...... .... .....V......... .h........PNG........IHDR.............\r.f....IDATx..}..\.......Kv..d.q!I...]...w)P..).B....kp......B.....f.......f7I..k..fO>...y...|...O@..K.l."l...~.'.../...K?..K.l....../...@...6,.../...K?..K.l....../...@...6,.../...K?..K.l....../...@...6,.../...K?..K.l....../...@...6,.../...K?..K.l....../.....Pj&.a.........4...vV.e.K.Ha.}....>...G....][...+.dh!.[.?^xd.D....0.....7/....K?...d.v.X........f.^.39.....dcv4.p.....w>]=.2..A5......'...O.'.c.hc...U@.....3.xF+.K.Ywl....t.{.W7.uW.U....}.?.....H.9..k.'q.hY..T.f...a.d..dQ..Z..e.B (Uv...:..M...|.}.?..y.h..w.l..{x.h.o....Cv)Z..Kp........$....gM......>s...}.?.....H.=y...J.._.K0..Z....[..8...."D.8........~a.mI....~w....<2L..S........b.G..i.. j...a..!.-..87o.gc..T.T._..a.L.q..fL;k..>..\...\.;c8:.t.td>4..?.z.|.K.....T;kBv@.o.....#..b=..k..S......gz.8*.s^z<.d.HM3...Wm....%.<..1*..&.U.Y...C.iF...2.Q.....H6X..y.....np.RzJ...d

                                                                            C:\Users\user\AppData\Local\Links\is-T9C2I.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 11 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):125642
                                                                            Entropy (8bit):7.207168433253684
                                                                            Encrypted:false
                                                                            SSDEEP:3072:h0bh1dOEqWx054FKmMaPGmEz2ylJgeyIHd/Uubt1+UQN:hyZ028mMaPulGnI9Mubta
                                                                            MD5:6F05D1EA449BA3BFC87A28AE9F9C778D
                                                                            SHA1:6180A882FE0F319CD7C600206379DCE1BA419930
                                                                            SHA-256:C325F0525227884A8A7ECFA948BB713BFDE8D987212607B39EF6542DEC418366
                                                                            SHA-512:D95E3A6478FE556ACC6CA7177235AA4397087C197384F4B2740E92298AFD6F9A518C0BCE2B8569D5BC6322358AC488044B3669182E9B2CE154DBD3CF06511A1D
                                                                            Malicious:false
                                                                            Preview:...... ......................(.......00.............. ..........n...........h............. ..B..~!..@@.... .(B..bd..00.... ..%...... .... .....2......... ............... .h...b...(... ...@...................................=P\...'.t... 3I.........Vkz..........*7.....0BO.....bx..G]h.........................................M.............B.$ ............/.:J...........B. u.@.........$#.............B...#..@.......J..w.+.W,........W.w.+ +.......J...w.+ ... ....J\.....@.c......0..R..\..: .....0.;......:.....L.........:.....L..1.&....:.....L..1..@k..:.....L.....Mk..:.....A.f............A.f.f.f..o......L.......o4......................Q....,...........U[..UU.T......W."".""&%4@.......m-.".... ......`.....zr........[.....G`........wwwwq................................`................................................?....................................................................................................(....... ...................................$3C.Pep.....s...=NY...(..%u.Zo

                                                                            C:\Users\user\AppData\Local\Links\is-UL0IH.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):155079
                                                                            Entropy (8bit):7.640516418052588
                                                                            Encrypted:false
                                                                            SSDEEP:3072:0bhy4jGKveJsn1rQOstIrDbarja1fiDQh0zEywtQhY4HHlWWTOUHByaz:0TZveCdQOIIfbiWiYQ7nIWTOUhyaz
                                                                            MD5:1900CB7BD981CDD90FF47D2B05D3A8EC
                                                                            SHA1:6DC566803D9BDE0BE964D9049D8A28EDA54D8749
                                                                            SHA-256:9EABB164337AE33FD873F891EB064FE24A0A8C706FABA32D1AB45E2607D5BF00
                                                                            SHA-512:CF80A2F356959A0DEEB1E65884EE03CD485199E0A0293CE18D07B911070EB86FA9BF6E8356F5174C3C270659C6D189E8548268883CBEB902774115F1DBAD49E3
                                                                            Malicious:false
                                                                            Preview:...... ......................(.......00.............. ......................h...6......... ......!..@@.... .(B..?...00.... ..%..g...((.... .h....... .... .....w8........ ......I........ ......R........ .h..._Y..(... ...@......................................................................................................wwp...........pqq%...........swwwsSC........twwwww..........w..wwwv..Sp....w..t.ww.www.....x....ww..Awwp...x...wp....wwp..w.w..wvwv...ww..w...wC..Cw0.w...w.p.p.$..@w.w.p.w......%..www.pwwxpw.P`C..pww..wwwsp...pCCC.x..wwwtpBP`.....x..ww6w0a@4..a..G..w.PwP%$4.@%.p...w.0w44%.BPp.p...wxrGp....`d.p.....pCp....%..pH.x.xs@w..4$..wp..p....'p.ppp.x ..p.x.p..p@..qx.....x.swqg.Gq..x..........xwpx...x...x...ww.`....p.........$.............w7.x..........................x................x.........................................?...................................................................................................?............(....... .................................

                                                                            C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1232896
                                                                            Entropy (8bit):6.359320763879832
                                                                            Encrypted:false
                                                                            SSDEEP:24576:EnbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtx+Tqx9O3:SHeKh4nqzF3PYdStMGc
                                                                            MD5:74BB8D5B7E2F57DFFD90BD7EA75F0A4C
                                                                            SHA1:B3A02785512AE8DF7572542312EE16EB9D2BCEA0
                                                                            SHA-256:6DE6EF862581BAA16124FA292083CC7029F989C82CB0C4D9DC6765D0A60B28A6
                                                                            SHA-512:E75919B1E064EE20F7D9BC1CCB2E6C85633EF66601E35B932FC2E8FB5BA49FA396A622B3F41184CDC3BF8B88D694907C862E664B4581416C0097371C165EC654
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@.......................................@......@..............................@8...@...G...................................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc....P...@...H..................@..@....................................@..@........................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\is-IH3VM.tmp\_isetup\_setup64.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):6144
                                                                            Entropy (8bit):4.720366600008286
                                                                            Encrypted:false
                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: Emcon.Zvit.2.0.exe, Detection: malicious, Browse
                                                                            • Filename: SecuriteInfo.com.FileRepPup.2542.22578.exe, Detection: malicious, Browse
                                                                            • Filename: SecuriteInfo.com.FileRepPup.2542.22578.exe, Detection: malicious, Browse
                                                                            • Filename: Emcon.Zvit.2.0.exe, Detection: malicious, Browse
                                                                            • Filename: SecuriteInfo.com.Program.Unwanted.5412.26753.681.exe, Detection: malicious, Browse
                                                                            • Filename: SecuriteInfo.com.Program.Unwanted.5412.26753.681.exe, Detection: malicious, Browse
                                                                            • Filename: my0qkzrWqy.rtf, Detection: malicious, Browse
                                                                            • Filename: sUe62S79Mb.rtf, Detection: malicious, Browse
                                                                            • Filename: MDE_File_Sample_fbc11f506d4b8a1c3077fd43f6560883e512cf72.zip, Detection: malicious, Browse
                                                                            • Filename: , Detection: malicious, Browse
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ?????? Steam.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2034
                                                                            Entropy (8bit):2.7815416136570272
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlpBMicL+fClo+3vxzxSNReF2AsOEiO4ZR6q2AsOp5qy:8iwUlpB1olouvxEW2AsOEiZ8q2AsOiy
                                                                            MD5:FEA3C9DC752F36196C0EC144EA610AA6
                                                                            SHA1:A069163EB3BD9841B049AC038F75139469EDF7A7
                                                                            SHA-256:3DF0F30AF3F8A3EA538EDAFACD58F229BF288FBD7F67739C3D1C6F30B8259444
                                                                            SHA-512:B75A6D3A803FE5644FE58A5275111151B10D9088687ED4459CE906C338A39E0855552BE30555CE34433F5DD4D943276DC563D1AC496D3D5B5F0405DBBF5D325F
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......q.S.t.e.a.m. .k.e.y.s. .d.r.a.w.i.n.g. .o.f. .a.l.l. .t.h.e. .p.o.p.u.l.a.r. .g.a.m.e.s. .i.n. .S.t.e.a.m... .K.e.y.s. .f.o.r. .n.e.w. .g.a.m.e.s.,. .p.r.e.o.r.d.e.r.s. .a.n.d. .a.d.d.o.n.s. .t.o. .t.h.e. .b.e.s.t. .g.a.m.e.s...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.T.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.d.F.j.m.Q.F.j.X.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".2.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ??????? ???????.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2018
                                                                            Entropy (8bit):2.798082885579137
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlnPWUU8+x7W+fClo+3vxzxLo6NReS2BiO4Z3Aq2y5qy:8iwUlXf+x4louvxFB2BiZQq2ry
                                                                            MD5:8B5DE7A5D2E88BF5BBB292463AF919AE
                                                                            SHA1:66D01AD0CFF80478D403FB572B0C7CD66827CB89
                                                                            SHA-256:7245A31AB65ADF389175CB358B519F1B0400560E6533BC777BB9802673F349FC
                                                                            SHA-512:05CE71F2BD7D1D49C5944487F8376436D245FC49F819BB3EE0DBE30E89D93CD136B2AF2C835589435838D2D269E76B75D30165BEC4E2E0BC6AE9D8FAA1C76DC1
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......f.D.r.a.w. .o.f. .r.a.n.d.o.m. .g.o.o.d.s... .A. .l.a.r.g.e. .l.i.s.t. .o.f. .g.a.d.g.e.t.s.:. .n.o.t.e.b.o.o.k.s.,. .t.a.b.l.e.t.s. .a.n.d. .e.v.e.r. .d.r.o.n.e.s... .S.p.e.c.i.a.l. .g.a.m.e.r. .k.i.t.s...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.T.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.N.g.R.K.k.7.S.D.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".5.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.o.f.f

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Aliexpress.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1990
                                                                            Entropy (8bit):2.753604204781674
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl35IlE7ciUM+fClo+QxzxUQ1NReF2eKiO4ZbX6q2e75qy:8iwUlJYE7/lo1xJW2biZuq2Ry
                                                                            MD5:429704C30A02EEEB6BCA4737C4A5F049
                                                                            SHA1:0270DC252D54A07A5C023382FE77D45A77D99B88
                                                                            SHA-256:D8AF3EF86C63C3C2BE9E15521003B9FF03E6DE19C3F8F40E2F3B5EEC85B76B0A
                                                                            SHA-512:0EE30AC26433D9CFBC0BE9ADFF18EA08B1CDCC3DF401A16FD14A2C8A1EAC42493CA025FCF6CEDEEF67DDBFA768D162A63F728D6C4795F05062463AD03A97E8BA
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......^.A.l.i.e.x.p.r.e.s.s. .i.s. .a. .g.i.a.n.t. .v.i.r.t.u.a.l. .m.a.r.k.e.t.p.l.a.c.e. .w.h.e.r.e. .y.o.u. .c.a.n. .b.u.y. .g.o.o.d.s. .f.r.o.m. .a.n.y. .p.l.a.c.e. .i.n. .t.h.e. .w.o.r.l.d...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.7.2.3.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".2.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.a.l.i.e.x.p.r.e.s.s...i.c.o

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ArcheAge.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2002
                                                                            Entropy (8bit):2.7695029264981748
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl7sNEcBErblGVT+fClo+Qxzx/1NReW2M5iO4Zotwq2MK5qy:8iwUldrbe5lo1xvF2IiZoKq2ey
                                                                            MD5:FB04930EAB081F17CC93C4818B4EC50A
                                                                            SHA1:53ABADAA3CDC31F45F854AACF0E0EC9CEEA65FF9
                                                                            SHA-256:0EB0FF8039E9435B94CDB81752DEBD52C5511401432AE5A0D6C41EC586ABCB61
                                                                            SHA-512:45F12EC675670B367E686D514C47F1040BA8475776215561464B4F1CEEA53EE0300043BDCD1780359D633195ECD82439B6E6FFBE544242E29D8B8B635835A230
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......e.A. .M.M.O.R.P.G. .w.i.t.h. .a.b.i.l.i.t.y. .t.o. .c.r.e.a.t.e. .a.n. .o.w.n. .b.a.t.t.l.e. .c.l.a.s.s. .w.i.t.h. .e.l.e.m.e.n.t.s. .o.f. .M.i.d.d.l.e. .A.g.e.,. .m.a.g.i.c. .a.n.d. .s.t.e.a.m.p.u.n.k...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.9.1.0.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".1.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.a.r.c.h.e._.a

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Atomic Heart.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1952
                                                                            Entropy (8bit):2.7499408933589393
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlaKwwvQLX+fClo+Txzx+NReD2BiO4Zdz/yq2S5qy:8iwUlwZloyxwQ2BiZN6q2Ly
                                                                            MD5:B82B1280E3AC3D34BFC0E2BCB2136F3C
                                                                            SHA1:7E6E79A3C75D7EF6D4499D3FD5A5F918523ACA32
                                                                            SHA-256:DE9EA884178BA8CED3817CF845CDC57548BA7DE70E90354DECEF7D8EF00E70C9
                                                                            SHA-512:B50FC616A7336AED9BA7B96BF233BFD8A48E511EE1C008C8C382CD72B92EDC7DDCEE6E86D9874716EA221D11A369F8413BE7BD67CC445A2AF8F095B6867CC6F8
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......J.A.t.o.m.i.c. .H.e.a.r.t. .-. .t.h.e. .a.c.t.i.o.n.-.a.d.v.e.n.t.u.r.e. .R.P.G. .s.e.t. .i.n. .t.h.e. .a.l.t.e.r.n.a.t.e. .S.o.v.i.e.t. .U.n.i.o.n...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.1.1.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".4.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.a.t.o.m.i.c._.h.e.a.r.t...i.c.o.........%USERPROFILE%\AppData\Local\L

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Battle Teams.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1972
                                                                            Entropy (8bit):2.7544258321615787
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlHKj90U+MxQPwBRqSs+fClo+TxzxmNReD2oGWpiO4ZHSyq2oGW65qy:8iwUlGnzerloyx4Q2FYiZHJq2F2y
                                                                            MD5:ED303E62AA7CF002AF9B312617E44329
                                                                            SHA1:7F7D1791BF0339816D393C16392697FDE9FB1959
                                                                            SHA-256:7B4CCF89AE57511C5E3574AC48D7455A4C567D8CCDE1BD10777ADB22B5CDC150
                                                                            SHA-512:48ED88CAD7BFE5FEE82126F3A7F1916D6D5B58658ADFAF137C1D390C531103A285AF1274677EECBDB215CADC13598B1DCF57FF5C909D8009A50968E0A381D5ED
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......T.O.n.l.i.n.e. .m.u.l.t.i.p.l.a.y.e.r. .o.n.l.i.n.e. .s.h.o.o.t.e.r. .w.i.t.h. .d.y.n.a.m.i.c. .b.a.t.t.l.e.s. .i.n. .a.n. .a.l.t.e.r.n.a.t.e. .f.u.t.u.r.e. .w.o.r.l.d...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.1.4.0.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".4.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.b.a.t.t.l.e._.t.e.a.m.s...i.c.o.........%USERPROF

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Blood and Soul.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2042
                                                                            Entropy (8bit):2.8186584491304347
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUldfpKdiWz4ZM+fClo+KxzxjNReB2mFseKiO4ZWcqq2mFseb5qy:8iwUlD8x4gloLxRS2mlKiZWbq2mlky
                                                                            MD5:82B790943297D76900156CDC675A5A5C
                                                                            SHA1:FB357C74E8AEB7245E41BCD23516B7F82A5C6461
                                                                            SHA-256:60CF745D042402609C6C837042280D363311FB5FCAD6F8DBBF576C72EC637880
                                                                            SHA-512:BDD69CD2B71FED693F11614586CCA1E52CFE3C11ADF41BB732312F5E7AA7E373D618E65DFACD502246607D56D3C5C6293F0E1C6CB36AED18EF72EAC39BEB8D28
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......v.B.l.o.o.d. .a.n.d. .S.o.u.l.,. .a. .M.M.O.R.P.G. .a.b.o.u.t. .H.e.a.v.e.n. .a.n.d. .H.e.l.l. .c.o.n.f.r.o.n.t.a.t.i.o.n... .P.l.a.y.e.r.s. .d.e.f.e.n.d. .t.h.e. .w.o.r.l.d. .a.g.a.i.n.s.t. .t.h.e. .i.n.v.a.s.i.o.n. .o.f. .d.e.m.o.n.s...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.O.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.7.1.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".6.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Caliber.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2010
                                                                            Entropy (8bit):2.741852448346481
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlQaj90UuqcplCCzip+fClo+Kxzx9NReZ2aiO4ZCKq2L5qy:8iwUlXnEVijloLxPK2aiZpq2Uy
                                                                            MD5:D9863F3166A330F1E42D56BF2159095C
                                                                            SHA1:4AA67A3BB161130740BA513CDCDC01A260B9D32E
                                                                            SHA-256:16F4E5F3410B80279D1110AF5061E8F1E2476CEA91712929B952E8C57357A298
                                                                            SHA-512:82F9DF3B565C6CB7D0CAF4E8617CD21006B2315DE514C96C750009F99BE0FE37B81EDA60D3649659C1C9455289D8A0070A7E3B4F1EDAE19B4192E3D62080E00A
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......n.N.e.w. .g.e.n.e.r.a.t.i.o.n. .m.u.l.t.i.p.l.a.y.e.r. .o.n.l.i.n.e. .s.h.o.o.t.e.r. .g.a.m.e. .w.i.t.h. .P.v.P. .a.n.d. .P.v.E. .m.o.d.e.s... .T.e.a.m. .p.l.a.y. .a.n.d. .t.a.c.t.i.c.s. .a.r.e. .c.r.u.c.i.a.l. .h.e.r.e...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.O.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.9.1.1.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=."...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2006
                                                                            Entropy (8bit):2.7490311553723292
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlw2eOqBYqgKUCh0gT+fClo+QxzxzNReH25ziO4Zj/Cq25Y5qy:8iwUlOYUhr5lo1xxU2hiZjKq2ry
                                                                            MD5:55E0F8AF18B887C971A6C0EECD9CAACD
                                                                            SHA1:28944B7EDDA59B3BF79EC66280314E88B6C8AD6B
                                                                            SHA-256:E67CF3C4ACDC6AE7E8F6D5E73457702D3B3BD17A864CF17BD721C0CA5B17533B
                                                                            SHA-512:FFD3FC616E85C56B93544A7B6022BBE12ADF6111BA1F8CB039E5A62668C37BF0F1D4E44BCABC4B9B7EC7BD133C5590C61F463790DFF9E08BB07B36394E188EE3
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......h.C.r.o.s.s.o.u.t. .. .a. .p.o.s.t.a.p.o.c.a.l.y.t.p.i.c. .a.c.t.i.o.n. .w.h.e.r.e. .y.o.u. .a.r.e. .a.b.l.e. .t.o. .b.u.i.l.d. .a.n. .a.r.m.o.r.e.d. .v.e.h.i.c.l.e. .f.r.o.m. .a.n.y. .s.p.a.r.e. .p.a.r.t.s...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.9.1.5.0.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".0.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.c.r.o.s

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Enlisted.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2072
                                                                            Entropy (8bit):2.78100882645256
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlBUY4SUS2AeWhP6T+fClo+QxzxY1NReH2ClKiO4Z7tCq2Clr5qy:8iwUlBUcUC8lo1xGU2oKiZ7gq2o0y
                                                                            MD5:42F27BC39FF4069DE60A4DE7B746EE2A
                                                                            SHA1:4A6EE59F4B531749F637BB723DF702DDD3A36047
                                                                            SHA-256:DB12DDFED82296BB2AD8871205C1DB102676BC7D00640AEC9FD223BE9651598A
                                                                            SHA-512:E5F3A24FE6E80439B1113FCA0DE7A151FA856A09964E71912692922A0DA49C6DE6E6941E8C2A5DB39535BFC9C585A3E4B0668CDA144C8B62D7753D696112B3A1
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........E.n.l.i.s.t.e.d. .-. .l.e.a.d. .y.o.u.r. .s.q.u.a.d. .o.f. .s.o.l.d.i.e.r.s. .i.n. .l.a.r.g.e.-.s.c.a.l.e. .r.e.a.l.i.s.t.i.c. .c.o.m.b.a.t. .f.i.g.h.t.i.n.g. .t.o.g.e.t.h.e.r. .o.n. .t.h.e. .m.o.s.t. .f.a.m.o.u.s. .b.a.t.t.l.e.f.i.e.l.d.s. .o.f. .W.o.r.l.d. .W.a.r. .I.I...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.3.4.2.8.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".0.C.:.\.U.s.e.r

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Lost Ark.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2068
                                                                            Entropy (8bit):2.7980249836643423
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl4a5iN6n+VoHEZp+fClo+KxzxW1NReH221iO4ZYCq22W5qy:8iwUl4gt+VoGjloLx0U221iZXq22Py
                                                                            MD5:C53E898CFAAF92C3D3FF8CE028FFF105
                                                                            SHA1:4564556C667777755AED8F29435AECB925A1432D
                                                                            SHA-256:122F79BE94EA7B85629B48DCC3B03259ED456A60FAA5967E67D772DE113296DF
                                                                            SHA-512:4327E1636F0D5435F13417FD80802D286FA2FC25FEC91E9B15195E947505173A99D62EB727843BF4C8B23DA39CBFCEF3E134709CF66645818C03A73C06E3AA5F
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........L.o.s.t. .A.r.k. .i.n. .a.n. .u.n.i.q.u.e. .b.l.e.n.d. .o.f. .o.l.d. .s.c.h.o.o.l. .A.c.t.i.o.n.-.R.P.G. .a.n.d. .b.e.s.t. .M.M.O. .e.l.e.m.e.n.t.s. .i.n. .a. .b.r.e.a.t.h.t.a.k.i.n.g. .w.o.r.l.d.,. .f.u.l.l. .o.f. .a.d.v.e.n.t.u.r.e.s. .a.n.d. .o.p.p.o.r.t.u.n.i.t.i.e.s.!.2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.O.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.8.3.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".0.C.:.\.U.s.e.r.s.\

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Perfect World.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2120
                                                                            Entropy (8bit):2.8574416491087207
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlfb4TwiRrI4+fClo+Wxzx/1NReS2+IiO4ZhAq2+l5qy:8iwUlj4TwWlovxPB2LiZWq2xy
                                                                            MD5:587486DBDAD0B651E9AA098C318A764A
                                                                            SHA1:2EE706925949EE1272C0E86AB93EA5E96352B410
                                                                            SHA-256:884D6808B79C38E535AFE39B7A3D72F2EB909BA70B5BFA3CA7E96587BAA21B46
                                                                            SHA-512:5EFBB5FE2E9F7ABE6EB1613704887E23C771F897732CBAA8513D92553F3D7F9EF8D0A86556A78F3DBD9D308133A82E4A9FCB32D1EFC760620DDF51A8C51D2A31
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........A. .s.t.u.n.n.i.n.g. .f.r.e.e.-.t.o.-.p.l.a.y. .M.M.O.R.P.G. .w.h.e.r.e. .p.l.a.y.e.r.s. .c.a.n. .f.l.y. .f.r.e.e.l.y. .t.h.r.o.u.g.h. .t.h.e. .s.k.i.e.s.,. .e.x.p.l.o.r.e. .d.a.n.g.e.r.o.u.s. .d.u.n.g.e.o.n.s.,. .o.r. .j.o.i.n. .i.n.t.e.n.s.e. .P.v.P. .b.a.t.t.l.e.s. .f.o.r. .p.o.w.e.r. .a.n.d. .l.a.n.d...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.S.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.3.4.8.0.0.5.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Rail Nation.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1944
                                                                            Entropy (8bit):2.7315713370694845
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlbMMUvUD8+fClo+Txzxc4NReFm21IkiO4Z6mYq21IB5qy:8iwUlbMM6loyx5em2+kiZ+q2+ay
                                                                            MD5:2ED9666F1D760DA0B6C37CD213BC7493
                                                                            SHA1:526E78C554EF926739F5AE2D82D13EFD06E1E704
                                                                            SHA-256:6CC5E8D96A6BB44AF041CFCC08F2DE833EDD25A56CC716FD34D24B3F0197AEF3
                                                                            SHA-512:31513A46654645775D6047BC7E454868A5AF59DD75FA106D01DD3E55D032B2A918B2AE5F83930ADF78F7FE0D2D9A6002049FBE1BC33C0A48C7C6ED93A7BFACCF
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......G.O.n.l.i.n.e. .s.t.r.a.t.e.g.y. .g.a.m.e.,. .w.h.e.r.e. .y.o.u. .c.a.n. .c.r.e.a.t.e. .r.a.i.l.r.o.a.d. .c.o.m.p.a.n.y. .i.n. .a.n.y. .a.g.e...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.6.7.3.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".3.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.r.a.i.l._.n.a.t.i.o.n...i.c.o.........%USERPROFILE%\AppData\Local\Links\rai

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2028
                                                                            Entropy (8bit):2.7953387427503933
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlAwOuL/1+fClo+Txzxs2NReFm26iO4ZOXYq2z5qy:8iwUl0sloyxG2em26iZRq2cy
                                                                            MD5:584D8AA41028C93084A807FFDEF83880
                                                                            SHA1:E402336CFFDCB051FE5DBE800374AC8C57543E42
                                                                            SHA-256:CCF91619BF39CF40250EC29285A86D1A77AF6C929FA4ECEE774778B4AA6A9F10
                                                                            SHA-512:D6A689CEA3AB733E5489147946E462EB150CA59F1F18BFCBEFECB505C8327EEB0C25607AE796B2F14249331381343DF62FDF1629740EF19C75DB61B12803BF38
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......q.W.a.r. .T.h.u.n.d.e.r.,. .a. .r.e.a.l.i.s.t.i.c. .f.i.g.h.t. .s.i.m.u.l.a.t.o.r... .T.a.n.k.s.,. .a.i.r.c.r.a.f.t.s. .a.n.d. .f.l.e.e.t. .o.f. .W.W.I.I. .a.n.d. .p.o.s.t.-.W.W.I.I. .e.r.a. .e.n.g.a.g.e. .i.n. .b.a.t.t.l.e.s...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.9.2.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".3.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1992
                                                                            Entropy (8bit):2.741897045832919
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlsjCW70U+MxoNJWLMAPCULp+fClo+QxzxxNReI2ftKiO4ZGIq2ftD5qy:8iwUl2Rz8QFLjlo1xDb2VKiZJq2Vsy
                                                                            MD5:045E6596A20B1157CA271C28258E9DD3
                                                                            SHA1:BB6DC49AE8D0F34CAF994CF27E062D7F04F45FE3
                                                                            SHA-256:991B852529FD431B4C4C3C586A2E6EAB59F9AF593FAFD79AB900977443CABCDA
                                                                            SHA-512:A7CD7B4F06624BF65330DABAA7CC7956A1A816B5163D321960043A65120CF3CC41957D799B225261412E489787A1603BD8283403046F0ACEF72907852217E506
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......b.W.a.r.f.a.c.e.,. .a.n. .a.c.t.i.o.n.-.p.a.c.k.e.d. .o.n.l.i.n.e. .s.h.o.o.t.e.r. .w.i.t.h. .f.r.e.e. .a.c.c.e.s.s... .A.n. .e.x.p.l.o.s.i.v.e. .m.i.x. .o.f. .s.p.e.e.d. .a.n.d. .t.e.a.m.w.o.r.k.!.2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.0.9.3.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=."./.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.w.a.r.f.a.c.e...i.c

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2030
                                                                            Entropy (8bit):2.8304337314512518
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl5K5gBw/Wps+fClo+Qxzx24NRe+2/5iO4ZRQq2/K5qy:8iwUl55BiWAlo1xo4N2RiZ2q2by
                                                                            MD5:D13FB87AD0AC4DDAD19AC7B44177B8F4
                                                                            SHA1:C1EFEABB7B8D43498814B99583CAF52DA54EA38F
                                                                            SHA-256:AE27C03BE79E4D954B34D7E756BC01118A0D2C35D2E8CD8596EAE07BA36E3DAF
                                                                            SHA-512:992B1BA198436D44EC28FF9C562815F1DFA29678E7395403CCD8A3FB7EAF4C5452752852F657942097B176367CC8A2FFC7804B495FC8785972BEFBB422E6AF76
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......k.W.o.r.l.d. .o.f. .T.a.n.k.s. .. .a. .l.e.g.e.n.d.a.r.y. .t.e.a.m. .t.a.n.k. .a.c.t.i.o.n. .o.n.l.i.n.e. .g.a.m.e... .1.6.0. .m.i.l.l.i.o.n.s. .o.f. .u.s.e.r.s. .a.n.d. .2.6. .p.r.e.s.t.i.g.e.o.u.s. .a.w.a.r.d.s...2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.9.7.0.6.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.w

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2232
                                                                            Entropy (8bit):2.934561192274074
                                                                            Encrypted:false
                                                                            SSDEEP:48:8iwUlDbjJ2a++Pjlo1xv42bt5iZxUq2btjy:8ivHjJccZo1Ft+Stjy
                                                                            MD5:52DB739DC7BF59B14CAE537B0A1B69CA
                                                                            SHA1:EFD446B1366A611D899AEAB6C8289E7E46715C3E
                                                                            SHA-256:3CE2EAD8FD120AB2A4A945F99EB54D7E4797E9864C74F9C5CEFAA26F592BB167
                                                                            SHA-512:4DA2637B3CB7B145555F5AD77501737309E72C25AA1C1F32750628FB13A29706B4B1CAE49F6B43F9FEA866186423FA084A9C8CE565045746CD2309D5A28BA157
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........W.o.r.l.d. .o.f. .W.a.r.s.h.i.p.s. .. .r.e.a.l.t.i.m.e. .n.a.v.a.l. .b.a.t.t.l.e.s. .g.a.m.e. .f.r.o.m. .t.h.e. .c.r.e.a.t.o.r.s. .o.f. .W.o.r.l.d. .o.f. .T.a.n.k.s... .I.n. .t.h.i.s. .g.a.m.e. .f.l.e.e.t.s. .o.f. .l.e.g.e.n.d.a.r.y. .w.a.r. .f.r.o.m. .t.h.e. .f.i.r.s.t. .h.a.l.f. .o.f. .t.h.e. .t.w.e.n.t.i.e.t.h. .c.e.n.t.u.r.y... .B.e.c.o.m.e. .t.h.e. .b.e.s.t. .a.n.d. .c.o.n.q.u.e.r. .t.h.e. .s.e.a.s.!.2.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././

                                                                            C:\Users\user\Desktop\???????? ?????? Steam.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2010
                                                                            Entropy (8bit):2.7739382248803914
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlpBMic/+fClo+3vxzxSNReF2AsOEiO4ZR6q2AsOp5qy:8iwUlpB1clouvxEW2AsOEiZ8q2AsOiy
                                                                            MD5:64D124DA24CE10FC4AC02350985DAB17
                                                                            SHA1:9B55E2BD3BBE0E3A9BEBDB778128AF9DD6E19C71
                                                                            SHA-256:FB93AAC2A094AA07A81371B7C6EBE1EFDABE79473976FE165F68EC423B1023ED
                                                                            SHA-512:CB24FB8F9CED5D270D3DEC0A46525261641CBF96C9ED7AF45B497D7A106765B772D0F288BC5641C36793154EFEFE7DB5227A88ECCDA4DFD90B92A305BBE2BA7A
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......q.S.t.e.a.m. .k.e.y.s. .d.r.a.w.i.n.g. .o.f. .a.l.l. .t.h.e. .p.o.p.u.l.a.r. .g.a.m.e.s. .i.n. .S.t.e.a.m... .K.e.y.s. .f.o.r. .n.e.w. .g.a.m.e.s.,. .p.r.e.o.r.d.e.r.s. .a.n.d. .a.d.d.o.n.s. .t.o. .t.h.e. .b.e.s.t. .g.a.m.e.s...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.T.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.d.F.j.m.Q.F.j.X.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".2.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.s.t.e.a

                                                                            C:\Users\user\Desktop\???????? ??????? ???????.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1994
                                                                            Entropy (8bit):2.790740148228094
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlnPWUU8+x7i+fClo+3vxzxLo6NReS2BiO4Z3Aq2y5qy:8iwUlXf+xMlouvxFB2BiZQq2ry
                                                                            MD5:6CCACF04C2DFBC2C46EE9A845B2D0389
                                                                            SHA1:71FA345E04DB5D1F18648D484B4A62EF2AAD55B8
                                                                            SHA-256:B88FC6013EFC216179E46D0063924E98594605391AC4476565D8834A8F8E211A
                                                                            SHA-512:E46BA8771722ED46B07D2674022C7D3C18B08F653C0E225C7438BA6D4855021848940109A0E7BB8C26CC480270BC2DEA796409C90DDDBD439B9FEA73E6DB318C
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......f.D.r.a.w. .o.f. .r.a.n.d.o.m. .g.o.o.d.s... .A. .l.a.r.g.e. .l.i.s.t. .o.f. .g.a.d.g.e.t.s.:. .n.o.t.e.b.o.o.k.s.,. .t.a.b.l.e.t.s. .a.n.d. .e.v.e.r. .d.r.o.n.e.s... .S.p.e.c.i.a.l. .g.a.m.e.r. .k.i.t.s...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.T.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.N.g.R.K.k.7.S.D.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".5.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.o.f.f.l.i.n.e._.i.t.e.m.s...i

                                                                            C:\Users\user\Desktop\Aliexpress.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1966
                                                                            Entropy (8bit):2.7454321417175596
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl35IlE7ciU4+fClo+QxzxUQ1NReF2eKiO4ZbX6q2e75qy:8iwUlJYE7rlo1xJW2biZuq2Ry
                                                                            MD5:403E660BDC9F74C33E1A8FD6D026B425
                                                                            SHA1:7EB4A8013B2DC9F95367362FB7B524D3C94C85FD
                                                                            SHA-256:1FF2F276328545510E173EAA804D3790A19845327DD28F112C35062400E247DD
                                                                            SHA-512:1EDB0E249FDFCEFF886D4EEC606045DC03132055D076B964DB21DB8E6B454325B59488DF5557E690F1CA379BB5E40C671FA299642684877B65BB79845CAA4734
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......^.A.l.i.e.x.p.r.e.s.s. .i.s. .a. .g.i.a.n.t. .v.i.r.t.u.a.l. .m.a.r.k.e.t.p.l.a.c.e. .w.h.e.r.e. .y.o.u. .c.a.n. .b.u.y. .g.o.o.d.s. .f.r.o.m. .a.n.y. .p.l.a.c.e. .i.n. .t.h.e. .w.o.r.l.d...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.7.2.3.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".2.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.a.l.i.e.x.p.r.e.s.s...i.c.o.........%USERPROFILE%\A

                                                                            C:\Users\user\Desktop\ArcheAge.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1978
                                                                            Entropy (8bit):2.7614299234693425
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl7sNEcBErblGVn+fClo+Qxzx/1NReW2M5iO4Zotwq2MK5qy:8iwUldrbetlo1xvF2IiZoKq2ey
                                                                            MD5:A3F4F3F24F858D1ACCD5CAF83F6AFE43
                                                                            SHA1:46F712569765AC2A97316C1A51ECA976D3A120B0
                                                                            SHA-256:16372CE5884ECD05631703593D86CF815E42BA55ECE33B5859B478EF5F4D8154
                                                                            SHA-512:B116CE23F6F620A27B18418046847BCA33548D6D88358378CFF930248D5654ADC03D90740A457837430F7D4BE2F26F07C0C7B7AF80219887DA38C81B3E7B1E41
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......e.A. .M.M.O.R.P.G. .w.i.t.h. .a.b.i.l.i.t.y. .t.o. .c.r.e.a.t.e. .a.n. .o.w.n. .b.a.t.t.l.e. .c.l.a.s.s. .w.i.t.h. .e.l.e.m.e.n.t.s. .o.f. .M.i.d.d.l.e. .A.g.e.,. .m.a.g.i.c. .a.n.d. .s.t.e.a.m.p.u.n.k...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.9.1.0.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".1.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.a.r.c.h.e._.a.g.e...i.c.o.........%US

                                                                            C:\Users\user\Desktop\Atomic Heart.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1928
                                                                            Entropy (8bit):2.741617630632301
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlaKwwvQLj+fClo+Txzx+NReD2BiO4Zdz/yq2S5qy:8iwUlwNloyxwQ2BiZN6q2Ly
                                                                            MD5:9E018DA5D240C6AC098DF82BC4349C4A
                                                                            SHA1:644410CBFD176B3B87912AA89B592EE02DE08D36
                                                                            SHA-256:DBEFAACF5E0493F44A7D732199832724E7B370601076BEBEAC7EB460EA44E7F7
                                                                            SHA-512:BC390A04B17BCCBB327F2BE125B02E74FA59ADD24983F9796A81707DADC80F441708506CC15D75282FD035FCC831F981D31C8D5BAA6EE6968BA93191A17DF3EF
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......J.A.t.o.m.i.c. .H.e.a.r.t. .-. .t.h.e. .a.c.t.i.o.n.-.a.d.v.e.n.t.u.r.e. .R.P.G. .s.e.t. .i.n. .t.h.e. .a.l.t.e.r.n.a.t.e. .S.o.v.i.e.t. .U.n.i.o.n...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.1.1.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".4.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.a.t.o.m.i.c._.h.e.a.r.t...i.c.o.........%USERPROFILE%\AppData\Local\Links\atomic_heart.ico...

                                                                            C:\Users\user\Desktop\Battle Teams.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1948
                                                                            Entropy (8bit):2.7461267569714956
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlHKj90U+MxQPwBRqSY+fClo+TxzxmNReD2oGWpiO4ZHSyq2oGW65qy:8iwUlGnze/loyx4Q2FYiZHJq2F2y
                                                                            MD5:18C461A9F7B2A8E0A9E3E78BD76E20FF
                                                                            SHA1:EFCC61B333FD6749A20D0A88F13D7BA67F026CCC
                                                                            SHA-256:8684D740581D7BA9F98E6AE403CFA7BC0EF92D182D77CF85BB3A2EE94DD496FD
                                                                            SHA-512:F42494904AAF84A76F59632CB2EEA474833AA2FB24476C1F2CF5086119EBE9E73E241B04237BAF85C61F6C12F430CC93329EAD411791C557269BF5DDB4591A03
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......T.O.n.l.i.n.e. .m.u.l.t.i.p.l.a.y.e.r. .o.n.l.i.n.e. .s.h.o.o.t.e.r. .w.i.t.h. .d.y.n.a.m.i.c. .b.a.t.t.l.e.s. .i.n. .a.n. .a.l.t.e.r.n.a.t.e. .f.u.t.u.r.e. .w.o.r.l.d...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.1.4.0.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".4.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.b.a.t.t.l.e._.t.e.a.m.s...i.c.o.........%USERPROFILE%\AppData\Local\Links

                                                                            C:\Users\user\Desktop\Blood and Soul.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2018
                                                                            Entropy (8bit):2.8112599510563725
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUldfpKdiWz4Z4+fClo+KxzxjNReB2mFseKiO4ZWcqq2mFseb5qy:8iwUlD8x40loLxRS2mlKiZWbq2mlky
                                                                            MD5:2ADF338DD71CCA93A5B6E878E4DE4329
                                                                            SHA1:A2335F4FA198C6231F05F9C2DF387D0316CC87A9
                                                                            SHA-256:CB6CAB41AF878EF85E4E44C938AA29C226B581CB244EB0080E630F714C9D26BF
                                                                            SHA-512:3EAE8ECFA0CA6176936FAA694F7D68BDAD572F2111DC7B947E8A0936EDF453D05BA074EDCA40269D28CB942C5D6D5B39AA3FCBCC884EBBE6609F5C89B08ACFA0
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......v.B.l.o.o.d. .a.n.d. .S.o.u.l.,. .a. .M.M.O.R.P.G. .a.b.o.u.t. .H.e.a.v.e.n. .a.n.d. .H.e.l.l. .c.o.n.f.r.o.n.t.a.t.i.o.n... .P.l.a.y.e.r.s. .d.e.f.e.n.d. .t.h.e. .w.o.r.l.d. .a.g.a.i.n.s.t. .t.h.e. .i.n.v.a.s.i.o.n. .o.f. .d.e.m.o.n.s...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.O.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.7.1.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".6.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.b.l.o.o

                                                                            C:\Users\user\Desktop\Caliber.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1986
                                                                            Entropy (8bit):2.733933357187641
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlQaj90UuqcplCCzi9/+fClo+Kxzx9NReZ2aiO4ZCKq2L5qy:8iwUlXnEVi9FloLxPK2aiZpq2Uy
                                                                            MD5:3CE542E89C080D8A7F48BB8B46D5501E
                                                                            SHA1:873529342DABE43F9F72D193A7080EC8FB8CB24E
                                                                            SHA-256:B57AAAAABD429A8054E914D7D59BC8178DCB5EA4608D727B447B7EA56AD9A9E8
                                                                            SHA-512:E9A1E12F2AFDE157BAE1FD8826E895D627E58BB07B26099682852E2402B364DC2EB46936F3D6EE18B0D72DFFE0CB794FDA466162A79E0A43F137CFAA235F35B1
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......n.N.e.w. .g.e.n.e.r.a.t.i.o.n. .m.u.l.t.i.p.l.a.y.e.r. .o.n.l.i.n.e. .s.h.o.o.t.e.r. .g.a.m.e. .w.i.t.h. .P.v.P. .a.n.d. .P.v.E. .m.o.d.e.s... .T.e.a.m. .p.l.a.y. .a.n.d. .t.a.c.t.i.c.s. .a.r.e. .c.r.u.c.i.a.l. .h.e.r.e...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.O.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.9.1.1.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=."...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.c.a.l.i.b.r...i.c.o....

                                                                            C:\Users\user\Desktop\Crossout.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1982
                                                                            Entropy (8bit):2.740710482261309
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlw2eOqBYqgKUCh0gn+fClo+QxzxzNReH25ziO4Zj/Cq25Y5qy:8iwUlOYUhrtlo1xxU2hiZjKq2ry
                                                                            MD5:6EFA7E610753A0AD736592785B60F3CE
                                                                            SHA1:6071E19D214581674F77117272748A7295C799A5
                                                                            SHA-256:CC5CA69474C429A73560FC36F76F124C88C0F3D83916313E926D861759C4E6CA
                                                                            SHA-512:741617CB50D2C3D3DA355E67B5FF9F7D0A048ACE9ACDA80EDC629C0522078DAD3438CBCCD13B2393477D48BF4C04007BADFDE9019D24D66959BB94046B6B8761
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......h.C.r.o.s.s.o.u.t. .. .a. .p.o.s.t.a.p.o.c.a.l.y.t.p.i.c. .a.c.t.i.o.n. .w.h.e.r.e. .y.o.u. .a.r.e. .a.b.l.e. .t.o. .b.u.i.l.d. .a.n. .a.r.m.o.r.e.d. .v.e.h.i.c.l.e. .f.r.o.m. .a.n.y. .s.p.a.r.e. .p.a.r.t.s...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.9.1.5.0.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".0.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.c.r.o.s.s.o.u.t...i.c.o........

                                                                            C:\Users\user\Desktop\Enlisted.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2048
                                                                            Entropy (8bit):2.772986244122015
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlBUY4SUS2AeWhP6n+fClo+QxzxY1NReH2ClKiO4Z7tCq2Clr5qy:8iwUlBUcUCIlo1xGU2oKiZ7gq2o0y
                                                                            MD5:4DBE7E2F79B3B22B5C95721B6B7ECE91
                                                                            SHA1:F9CFC82D8F5E80E310EE2F3406B4AF9A5E273F54
                                                                            SHA-256:F158A20F423AF3312D5DA05D4334D9CB184DE6C7CBBC03B7210C2C318BEBB890
                                                                            SHA-512:39A1A53D7C6317250E35FA24F5D0B2D712C3467F4C6A12A63D7BD3E3216443015CC07AB6E6893FAD4BCF7BAF73509ED0FD1E4A4AB1EAD03CCD4284DC03701A6F
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........E.n.l.i.s.t.e.d. .-. .l.e.a.d. .y.o.u.r. .s.q.u.a.d. .o.f. .s.o.l.d.i.e.r.s. .i.n. .l.a.r.g.e.-.s.c.a.l.e. .r.e.a.l.i.s.t.i.c. .c.o.m.b.a.t. .f.i.g.h.t.i.n.g. .t.o.g.e.t.h.e.r. .o.n. .t.h.e. .m.o.s.t. .f.a.m.o.u.s. .b.a.t.t.l.e.f.i.e.l.d.s. .o.f. .W.o.r.l.d. .W.a.r. .I.I...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.3.4.2.8.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".0.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p

                                                                            C:\Users\user\Desktop\Lost Ark.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2044
                                                                            Entropy (8bit):2.7898945707010365
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl4a5iN6n+VoHEz+fClo+KxzxW1NReH221iO4ZYCq22W5qy:8iwUl4gt+VowloLx0U221iZXq22Py
                                                                            MD5:6110E7C0CA9A0DC54ECF9AAD372D1D0A
                                                                            SHA1:F915FE87F36E524AEDD9EFBCC4F33E341C8D1F9E
                                                                            SHA-256:34FBB2420803EA15E92437B8203C0D86D91F1F753FB75F2AE2ED9CDEE5758C9F
                                                                            SHA-512:D3EC1358053392968EB759F89253B668ED28E51687C71BC8E96A45D1BDFB3AC8B846BB8AEE6C486BC826F250F5AE22DEEB2D5D91D9AC36574D7603F95C142D5C
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........L.o.s.t. .A.r.k. .i.n. .a.n. .u.n.i.q.u.e. .b.l.e.n.d. .o.f. .o.l.d. .s.c.h.o.o.l. .A.c.t.i.o.n.-.R.P.G. .a.n.d. .b.e.s.t. .M.M.O. .e.l.e.m.e.n.t.s. .i.n. .a. .b.r.e.a.t.h.t.a.k.i.n.g. .w.o.r.l.d.,. .f.u.l.l. .o.f. .a.d.v.e.n.t.u.r.e.s. .a.n.d. .o.p.p.o.r.t.u.n.i.t.i.e.s.!.&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.O.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.8.3.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".0.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a

                                                                            C:\Users\user\Desktop\Perfect World.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2096
                                                                            Entropy (8bit):2.8501329248188547
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlfb4TwiRrIM+fClo+Wxzx/1NReS2+IiO4ZhAq2+l5qy:8iwUlj4TwClovxPB2LiZWq2xy
                                                                            MD5:4FEF5DAE1DDA4364B7A7A7D5E2E51377
                                                                            SHA1:08D9762253553335C2B87E167242CF2BBB17675B
                                                                            SHA-256:F6A51CBBCF1028BAED0477DE1365E7E986B306F15B1BF2FD90EE950B495EB017
                                                                            SHA-512:85165A80CAAFB010993327ABB167080B32B36C9299336C562282130725000B8A4E4BA38EA52599CF64D89E4877E3CFA220D36779FE8CE995C21805CA94259C21
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........A. .s.t.u.n.n.i.n.g. .f.r.e.e.-.t.o.-.p.l.a.y. .M.M.O.R.P.G. .w.h.e.r.e. .p.l.a.y.e.r.s. .c.a.n. .f.l.y. .f.r.e.e.l.y. .t.h.r.o.u.g.h. .t.h.e. .s.k.i.e.s.,. .e.x.p.l.o.r.e. .d.a.n.g.e.r.o.u.s. .d.u.n.g.e.o.n.s.,. .o.r. .j.o.i.n. .i.n.t.e.n.s.e. .P.v.P. .b.a.t.t.l.e.s. .f.o.r. .p.o.w.e.r. .a.n.d. .l.a.n.d...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.S.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.3.4.8.0.0.5.3.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".5

                                                                            C:\Users\user\Desktop\Rail Nation.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1920
                                                                            Entropy (8bit):2.723044887022326
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlbMMUvUDm/+fClo+Txzxc4NReFm21IkiO4Z6mYq21IB5qy:8iwUlbMMiFloyx5em2+kiZ+q2+ay
                                                                            MD5:9FDE91D68CB69E17A2D7713ACE78C9A7
                                                                            SHA1:767817821B98F4E4EAB3665A309228D6DC6CD1D7
                                                                            SHA-256:75935CCD45004D8151A83126EE908801A17B9D31C0EA362CA35C77A015703B11
                                                                            SHA-512:D6E58387769B9341FCDFC1F60FF04DEFFB3DC8F92E21ABCA32379779D87D8DAE40AB2EB474F5B6DAF3A31E3EF555036C2F16C0DC84F5AE2C930E8C6861748D4A
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......G.O.n.l.i.n.e. .s.t.r.a.t.e.g.y. .g.a.m.e.,. .w.h.e.r.e. .y.o.u. .c.a.n. .c.r.e.a.t.e. .r.a.i.l.r.o.a.d. .c.o.m.p.a.n.y. .i.n. .a.n.y. .a.g.e...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.6.7.3.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".3.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.r.a.i.l._.n.a.t.i.o.n...i.c.o.........%USERPROFILE%\AppData\Local\Links\rail_nation.ico............

                                                                            C:\Users\user\Desktop\War Thunder.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2004
                                                                            Entropy (8bit):2.7877706506695774
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlAwOuL/h+fClo+Txzxs2NReFm26iO4ZOXYq2z5qy:8iwUl0YloyxG2em26iZRq2cy
                                                                            MD5:A1416E67E25EAE6423AB565D7D068044
                                                                            SHA1:14A80B81D780EBE7A1580996EC3A0D609914FA11
                                                                            SHA-256:6BC23F7714C9B0E38CFDA0EA3712268069E62AFE0E5DC90924D129787D66F67A
                                                                            SHA-512:9ECBA46452D5245CE9CB3620E54A77EFA6B9328B69966A4A14F437FBE989E202D6906477E277E86CBBE64B1146D4CB178DCD9F7F2B14CE1DB586EC7C36088BBA
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......q.W.a.r. .T.h.u.n.d.e.r.,. .a. .r.e.a.l.i.s.t.i.c. .f.i.g.h.t. .s.i.m.u.l.a.t.o.r... .T.a.n.k.s.,. .a.i.r.c.r.a.f.t.s. .a.n.d. .f.l.e.e.t. .o.f. .W.W.I.I. .a.n.d. .p.o.s.t.-.W.W.I.I. .e.r.a. .e.n.g.a.g.e. .i.n. .b.a.t.t.l.e.s...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.P.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.9.2.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".3.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.w.a.r._.t.h.u.n

                                                                            C:\Users\user\Desktop\Warface.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1968
                                                                            Entropy (8bit):2.7335286087680317
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUlsjCW70U+MxoNJWLMAPCUp+fClo+QxzxxNReI2ftKiO4ZGIq2ftD5qy:8iwUl2Rz8QFjlo1xDb2VKiZJq2Vsy
                                                                            MD5:5B76CB77146266396E204D100F374509
                                                                            SHA1:B997A6697C3F87DE7D804CF741300769AD5B562B
                                                                            SHA-256:C903DDE5B5E6F147E72C6EFE65A7C8DB3708185F6A9DCCE5E80BB62F26FA106F
                                                                            SHA-512:33FF04053B79C4FD41A3F995A7AD6900AD3B5D3819E387FDEEA4583BFDF5FE04DDB79427BA810531BC6D5374614382E8A729890B99ED7B420E76746868977A08
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......b.W.a.r.f.a.c.e.,. .a.n. .a.c.t.i.o.n.-.p.a.c.k.e.d. .o.n.l.i.n.e. .s.h.o.o.t.e.r. .w.i.t.h. .f.r.e.e. .a.c.c.e.s.s... .A.n. .e.x.p.l.o.s.i.v.e. .m.i.x. .o.f. .s.p.e.e.d. .a.n.d. .t.e.a.m.w.o.r.k.!.&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.2.0.9.3.5.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=."./.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.w.a.r.f.a.c.e...i.c.o.........%USERPROFILE%

                                                                            C:\Users\user\Desktop\World of Tanks.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2006
                                                                            Entropy (8bit):2.823200902912246
                                                                            Encrypted:false
                                                                            SSDEEP:24:8e/BuUl5K5gBw/WpY+fClo+Qxzx24NRe+2/5iO4ZRQq2/K5qy:8iwUl55BiWUlo1xo4N2RiZ2q2by
                                                                            MD5:8845CB74C4ABA3BD2A755E1C41EAD85A
                                                                            SHA1:2A079EAB49351170805FEAE7979FE13F33D49841
                                                                            SHA-256:D1672A64F827F97BDDB16599E7CEC0C9EF3D4C3A76AC4DFFC0E6B3BF93012753
                                                                            SHA-512:C6C85E891280FCF0257C3E28FF2F8983AF5244D1B78819D2E2DB7785E7DC34E98783614CC810315FDF44496FC0D1FB1C0619BCA7074C43113D3D9416E05A1C20
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.......k.W.o.r.l.d. .o.f. .T.a.n.k.s. .. .a. .l.e.g.e.n.d.a.r.y. .t.e.a.m. .t.a.n.k. .a.c.t.i.o.n. .o.n.l.i.n.e. .g.a.m.e... .1.6.0. .m.i.l.l.i.o.n.s. .o.f. .u.s.e.r.s. .a.n.d. .2.6. .p.r.e.s.t.i.g.e.o.u.s. .a.w.a.r.d.s...&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./.g.l./.?.c.i.d.=.&.o.i.d.=.1.9.7.0.6.&.v.=.6.&.u.t.m._.c.a.m.p.a.i.g.n.=.t.e.s.t.&.t.r.a.s.h.=.".9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.L.i.n.k.s.\.w.o.r.l.d._.o.f._.t.a.n.k

                                                                            C:\Users\user\Desktop\World of Warships.lnk

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2208
                                                                            Entropy (8bit):2.928150051468129
                                                                            Encrypted:false
                                                                            SSDEEP:48:8iwUlDbjJ2a++flo1xv42bt5iZxUq2btjy:8ivHjJcio1Ft+Stjy
                                                                            MD5:B86E6AAC01A842A1180ACFC7AF09CE17
                                                                            SHA1:0EC311EABDB0E73A32790BF54871178F1EA6B4EA
                                                                            SHA-256:DFF820CF833BF11BB4BE075457AB6460632C7F026015CC773A867F7944723645
                                                                            SHA-512:9E8A832B3ACD227413C0EE2C761F53D0C93FD82CE3C7FF5B8BEAE0C69F3F379B0432312762D4317D1EFB9A768DF440A185220B254A7CF381B19C4E26DA2F0BCF
                                                                            Malicious:false
                                                                            Preview:L..................F.@......................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........rundll32.exe..J............................................r.u.n.d.l.l.3.2...e.x.e.........W.o.r.l.d. .o.f. .W.a.r.s.h.i.p.s. .. .r.e.a.l.t.i.m.e. .n.a.v.a.l. .b.a.t.t.l.e.s. .g.a.m.e. .f.r.o.m. .t.h.e. .c.r.e.a.t.o.r.s. .o.f. .W.o.r.l.d. .o.f. .T.a.n.k.s... .I.n. .t.h.i.s. .g.a.m.e. .f.l.e.e.t.s. .o.f. .l.e.g.e.n.d.a.r.y. .w.a.r. .f.r.o.m. .t.h.e. .f.i.r.s.t. .h.a.l.f. .o.f. .t.h.e. .t.w.e.n.t.i.e.t.h. .c.e.n.t.u.r.y... .B.e.c.o.m.e. .t.h.e. .b.e.s.t. .a.n.d. .c.o.n.q.u.e.r. .t.h.e. .s.e.a.s.!.&.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.r.u.n.d.l.l.3.2...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.Q.u.r.l.,.O.p.e.n.U.R.L. .".h.t.t.p.s.:././.y.a.g.o.a.w.a.y...r.u./

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):7.947593848770247
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:SecuriteInfo.com.Adware.005af3651.12124.22502.exe
                                                                            File size:2'362'910 bytes
                                                                            MD5:4c7fc3ea97b821d36545c3957b2d0da2
                                                                            SHA1:fe1d2a4867e4ac58d7f06857c6d506b16879ee40
                                                                            SHA256:6de058a8f8cba3bcec77779e831796f64a46ebccecc4f01d22179e78b6f7ef2f
                                                                            SHA512:57eedfd0f835b28cfe411ec32a2126b3cb87610927a63165fcbf9f905c517e58e6b966f19f0d351f93b0f363555e71d46137ac224cbb2157badf6342a55cb023
                                                                            SSDEEP:49152:gx9uhCSBqnGx6orrtsl9hDjT6jz9gbKlUnZj94vq9M9u8zJ:+9SBqnGxXrrCtT6abVZp4vqEu8V
                                                                            TLSH:1DB52382F3C705B1F8225931E562C990AE277D6808F4611A3CB8FF1D5B7F5864877AA3
                                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                            File Icon

                                                                            Icon Hash:0dc59a99741e0d23

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x41181c
                                                                            Entrypoint Section:.itext
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:0
                                                                            File Version Major:5
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:20dd26497880c05caed9305b3c8b9109

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            add esp, FFFFFFA4h
                                                                            push ebx
                                                                            push esi
                                                                            push edi
                                                                            xor eax, eax
                                                                            mov dword ptr [ebp-3Ch], eax
                                                                            mov dword ptr [ebp-40h], eax
                                                                            mov dword ptr [ebp-5Ch], eax
                                                                            mov dword ptr [ebp-30h], eax
                                                                            mov dword ptr [ebp-38h], eax
                                                                            mov dword ptr [ebp-34h], eax
                                                                            mov dword ptr [ebp-2Ch], eax
                                                                            mov dword ptr [ebp-28h], eax
                                                                            mov dword ptr [ebp-14h], eax
                                                                            mov eax, 0041015Ch
                                                                            call 00007FF640FA617Dh
                                                                            xor eax, eax
                                                                            push ebp
                                                                            push 00411EFEh
                                                                            push dword ptr fs:[eax]
                                                                            mov dword ptr fs:[eax], esp
                                                                            xor edx, edx
                                                                            push ebp
                                                                            push 00411EBAh
                                                                            push dword ptr fs:[edx]
                                                                            mov dword ptr fs:[edx], esp
                                                                            mov eax, dword ptr [00415B48h]
                                                                            call 00007FF640FAE8DBh
                                                                            call 00007FF640FAE42Ah
                                                                            cmp byte ptr [00412AE0h], 00000000h
                                                                            je 00007FF640FB13FEh
                                                                            call 00007FF640FAE9F0h
                                                                            xor eax, eax
                                                                            call 00007FF640FA4215h
                                                                            lea edx, dword ptr [ebp-14h]
                                                                            xor eax, eax
                                                                            call 00007FF640FAB45Bh
                                                                            mov edx, dword ptr [ebp-14h]
                                                                            mov eax, 00418658h
                                                                            call 00007FF640FA47EAh
                                                                            push 00000002h
                                                                            push 00000000h
                                                                            push 00000001h
                                                                            mov ecx, dword ptr [00418658h]
                                                                            mov dl, 01h
                                                                            mov eax, dword ptr [0040C04Ch]
                                                                            call 00007FF640FABD72h
                                                                            mov dword ptr [0041865Ch], eax
                                                                            xor edx, edx
                                                                            push ebp
                                                                            push 00411E66h
                                                                            push dword ptr fs:[edx]
                                                                            mov dword ptr fs:[edx], esp
                                                                            call 00007FF640FAE94Eh
                                                                            mov dword ptr [00418664h], eax
                                                                            mov eax, dword ptr [00418664h]
                                                                            cmp dword ptr [eax+0Ch], 01h
                                                                            jne 00007FF640FB143Ah

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x190000xe04.idata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000x17690.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x1b0000x18.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x193040x214.idata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000xf25c0xf4000da5d73ffbc41792fa65a09058a91476False0.5482197745901639data6.375879013420213IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .itext0x110000xfa40x10002eb275566563c3f1d0099a0da7345b74False0.563720703125data5.778765357049134IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .data0x120000xc8c0xe0073b859e23f5fd17e00c08db2e0e73dfeFalse0.25362723214285715data2.3028287433175367IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .bss0x130000x56bc0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .idata0x190000xe040x1000e9b9c0328fd9628ad4d6ab8283dcb20eFalse0.321533203125data4.597812557707959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .tls0x1a0000x80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rdata0x1b0000x180x2003dffc444ccc131c9dcee18db49ee6403False0.05078125data0.2044881574398449IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .rsrc0x1c0000x180000x178003fe1b8df11e5fc63762f17120be84b63False0.31558552194148937data4.766134112575359IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                            Resources

                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            RT_ICON0x1c59c0xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688EnglishUnited States0.5626332622601279
                                                                            RT_ICON0x1d4440x128Device independent bitmap graphic, 16 x 32 x 4, image size 192DutchNetherlands0.5675675675675675
                                                                            RT_ICON0x1d56c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152EnglishUnited States0.6994584837545126
                                                                            RT_ICON0x1de140x568Device independent bitmap graphic, 16 x 32 x 8, image size 320DutchNetherlands0.4486994219653179
                                                                            RT_ICON0x1e37c0x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.703757225433526
                                                                            RT_ICON0x1e8e40x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640DutchNetherlands0.4637096774193548
                                                                            RT_ICON0x1ebcc0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.36017949929145016
                                                                            RT_ICON0x22df40x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152DutchNetherlands0.3935018050541516
                                                                            RT_ICON0x2369c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.40736514522821576
                                                                            RT_ICON0x25c440x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6720EnglishUnited States0.4378698224852071
                                                                            RT_ICON0x276ac0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.4901500938086304
                                                                            RT_ICON0x287540x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.5520491803278689
                                                                            RT_ICON0x290dc0x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.6075581395348837
                                                                            RT_ICON0x297940x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.6640070921985816
                                                                            RT_STRING0x29bfc0x68data0.6538461538461539
                                                                            RT_STRING0x29c640xd4data0.5283018867924528
                                                                            RT_STRING0x29d380xa4data0.6524390243902439
                                                                            RT_STRING0x29ddc0x2acdata0.45614035087719296
                                                                            RT_STRING0x2a0880x34cdata0.4218009478672986
                                                                            RT_STRING0x2a3d40x294data0.4106060606060606
                                                                            RT_RCDATA0x2a6680x82e8dataEnglishUnited States0.11261637622344235
                                                                            RT_RCDATA0x329500x10data1.5
                                                                            RT_RCDATA0x329600x150data0.8392857142857143
                                                                            RT_RCDATA0x32ab00x2cdata1.1818181818181819
                                                                            RT_GROUP_ICON0x32adc0x92dataEnglishUnited States0.678082191780822
                                                                            RT_VERSION0x32b700x4f4dataEnglishUnited States0.26498422712933756
                                                                            RT_MANIFEST0x330640x62cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4240506329113924

                                                                            Imports

                                                                            DLLImport
                                                                            oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                            advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey
                                                                            user32.dllGetKeyboardType, LoadStringW, MessageBoxA, CharNextW
                                                                            kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
                                                                            kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
                                                                            user32.dllCreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
                                                                            kernel32.dllWriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
                                                                            advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
                                                                            comctl32.dllInitCommonControls
                                                                            kernel32.dllSleep
                                                                            advapi32.dllAdjustTokenPrivileges

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States
                                                                            DutchNetherlands

                                                                            Network Behavior

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Apr 16, 2024 21:36:09.155069113 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.155111074 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.155307055 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.156593084 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.156620979 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.389072895 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.389172077 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.392712116 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.392735958 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.393138885 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.436542034 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.448327065 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.496126890 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.619301081 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.619520903 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.619605064 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.634849072 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.634881973 CEST4434970434.117.186.192192.168.2.5
                                                                            Apr 16, 2024 21:36:09.634898901 CEST49704443192.168.2.534.117.186.192
                                                                            Apr 16, 2024 21:36:09.634907007 CEST4434970434.117.186.192192.168.2.5

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Apr 16, 2024 21:36:09.041445971 CEST5289953192.168.2.51.1.1.1
                                                                            Apr 16, 2024 21:36:09.149472952 CEST53528991.1.1.1192.168.2.5

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Apr 16, 2024 21:36:09.041445971 CEST192.168.2.51.1.1.10x4d3bStandard query (0)ipinfo.ioA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Apr 16, 2024 21:36:09.149472952 CEST1.1.1.1192.168.2.50x4d3bNo error (0)ipinfo.io34.117.186.192A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • ipinfo.io

                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.54970434.117.186.1924433252C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-04-16 19:36:09 UTC150OUTGET /country HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: ipinfo.io
                                                                            2024-04-16 19:36:09 UTC504INHTTP/1.1 200 OK
                                                                            server: nginx/1.24.0
                                                                            date: Tue, 16 Apr 2024 19:36:09 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            Content-Length: 3
                                                                            access-control-allow-origin: *
                                                                            x-frame-options: SAMEORIGIN
                                                                            x-xss-protection: 1; mode=block
                                                                            x-content-type-options: nosniff
                                                                            referrer-policy: strict-origin-when-cross-origin
                                                                            x-envoy-upstream-service-time: 3
                                                                            via: 1.1 google
                                                                            strict-transport-security: max-age=2592000; includeSubDomains
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close
                                                                            2024-04-16 19:36:09 UTC3INData Raw: 55 53 0a
                                                                            Data Ascii: US


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:21:35:55
                                                                            Start date:16/04/2024
                                                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe"
                                                                            Imagebase:0x400000
                                                                            File size:2'362'910 bytes
                                                                            MD5 hash:4C7FC3EA97B821D36545C3957B2D0DA2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:1
                                                                            Start time:21:35:56
                                                                            Start date:16/04/2024
                                                                            Path:C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-EHUNG.tmp\SecuriteInfo.com.Adware.005af3651.12124.22502.tmp" /SL5="$1044A,1938865,172032,C:\Users\user\Desktop\SecuriteInfo.com.Adware.005af3651.12124.22502.exe"
                                                                            Imagebase:0x400000
                                                                            File size:1'232'896 bytes
                                                                            MD5 hash:74BB8D5B7E2F57DFFD90BD7EA75F0A4C
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Antivirus matches:
                                                                            • Detection: 8%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Disassembly

                                                                            No disassembly